Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Ivanti Vulnerabilities Exploited Globally

Opera Browser MyFlaw Security Breach Warning

January 16, 2024
Reading Time: 3 mins read
in Alerts

The Ivanti Connect Secure VPN and Policy Secure network access control (NAC) appliances are under mass exploitation due to two zero-day vulnerabilities, as revealed by threat intelligence company Volexity. These vulnerabilities involve an authentication bypass (CVE-2023-46805) and a command injection flaw (CVE-2024-21887), enabling attackers to execute arbitrary commands on affected systems. Volexity discovered that multiple threat groups have been exploiting these vulnerabilities since January 11, targeting a global array of victims, ranging from small businesses to Fortune 500 companies, government departments, military organizations, defense contractors, and more. The attackers utilized a GIFTEDVISITOR webshell variant, compromising over 1,700 ICS VPN appliances globally.

Despite Ivanti not yet releasing patches for the actively exploited zero-days, Volexity recommends mitigation measures, urging administrators to ensure the appliances’ management interface is not exposed online and advising upgrades to the latest firmware versions once available. The threat monitoring service Shadowserver identifies over 16,800 ICS VPN appliances exposed online, with almost 5,000 in the United States. The attacks have escalated beyond a limited number of customers, involving a suspected Chinese state-backed threat actor (UTA0178 or UNC5221) and multiple other threat groups, deploying various custom malware strains to achieve their objectives. These attacks underscore the growing sophistication and widespread impact of exploiting vulnerabilities in widely used network security appliances.

The compromised Ivanti appliances were targeted through a series of sophisticated attacks, with the threat actors deploying custom malware strains, including Zipline Passive Backdoor, Thinspool Dropper, Wirefire web shell, Lightwire web shell, Warpwire harvester, PySoxy tunneler, BusyBox, and Thinspool utility. The most notable, Zipline, serves as a passive backdoor intercepting network traffic and providing various capabilities like file transfer, reverse shell, tunneling, and proxying. The attackers, suspected to be backed by China, have shown a consistent pattern of exploiting zero-days in Ivanti products, highlighting the need for proactive cybersecurity measures and ongoing vigilance to safeguard against such sophisticated attacks.

Reference:
  • Ivanti Connect Secure VPN Exploitation Goes Global
Tags: Cyber AlertCyber Alerts 2024Cyber RiskCyber threatIvantiJanuary 2024VolexityVulnerabilities
ADVERTISEMENT

Related Posts

Hackers Target Libraesva Email Flaw

Hackers Target Libraesva Email Flaw

September 30, 2025
Hackers Target Libraesva Email Flaw

ShadowV2 Botnet Targets Misconfigured AWS

September 30, 2025
Hackers Target Libraesva Email Flaw

Cisco Warns Of IOS Zero Day Bug

September 30, 2025
Fake Microsoft Teams Installers Spread

Fake Microsoft Teams Installers Spread

September 30, 2025
Fake Microsoft Teams Installers Spread

Cybercriminals Use Facebook Google Ads

September 30, 2025
Fake Microsoft Teams Installers Spread

CISA Warns Of Critical Sudo Flaw

September 30, 2025

Latest Alerts

Hackers Target Libraesva Email Flaw

ShadowV2 Botnet Targets Misconfigured AWS

Cisco Warns Of IOS Zero Day Bug

CISA Warns Of Critical Sudo Flaw

Cybercriminals Use Facebook Google Ads

Fake Microsoft Teams Installers Spread

Subscribe to our newsletter

    Latest Incidents

    Ukrainian Hackers Breach Crimean Servers

    Ransomware Gang Claims Maryland Breach

    Arizona School District Data Breach

    Attackers Take Down Asahi Brewer

    Harrods Alerts Customers To Breach

    Hackers Steal Photos From Kido Nursery

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial