FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know

Summary: The US government has disclosed details of two exploit chains used by Chinese hackers to infiltrate Ivanti Cloud Service Appliances (CSA). Four critical security flaws have been identified and are being actively exploited by these threat actors. The advisory emphasizes the importance of monitoring and securing affected systems to prevent further intrusions.

Threat Actor: UNC5221
Victim: Ivanti

Key points:

  • US agencies released IOCs and forensic data related to the exploitation of Ivanti CSA.
  • Four documented vulnerabilities (CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, CVE-2024-9380) are being exploited by Chinese cyberspies.
  • Mandiant traced the attacks to UNC5221, which has previously targeted Ivanti products and used various custom malware families.

Source: https://www.securityweek.com/fbi-cisa-share-details-on-ivanti-exploits-chains-what-network-defenders-need-to-know/