Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Ivanti Vulnerabilities Exploited Globally

Opera Browser MyFlaw Security Breach Warning

January 16, 2024
Reading Time: 3 mins read
in Alerts

The Ivanti Connect Secure VPN and Policy Secure network access control (NAC) appliances are under mass exploitation due to two zero-day vulnerabilities, as revealed by threat intelligence company Volexity. These vulnerabilities involve an authentication bypass (CVE-2023-46805) and a command injection flaw (CVE-2024-21887), enabling attackers to execute arbitrary commands on affected systems. Volexity discovered that multiple threat groups have been exploiting these vulnerabilities since January 11, targeting a global array of victims, ranging from small businesses to Fortune 500 companies, government departments, military organizations, defense contractors, and more. The attackers utilized a GIFTEDVISITOR webshell variant, compromising over 1,700 ICS VPN appliances globally.

Despite Ivanti not yet releasing patches for the actively exploited zero-days, Volexity recommends mitigation measures, urging administrators to ensure the appliances’ management interface is not exposed online and advising upgrades to the latest firmware versions once available. The threat monitoring service Shadowserver identifies over 16,800 ICS VPN appliances exposed online, with almost 5,000 in the United States. The attacks have escalated beyond a limited number of customers, involving a suspected Chinese state-backed threat actor (UTA0178 or UNC5221) and multiple other threat groups, deploying various custom malware strains to achieve their objectives. These attacks underscore the growing sophistication and widespread impact of exploiting vulnerabilities in widely used network security appliances.

The compromised Ivanti appliances were targeted through a series of sophisticated attacks, with the threat actors deploying custom malware strains, including Zipline Passive Backdoor, Thinspool Dropper, Wirefire web shell, Lightwire web shell, Warpwire harvester, PySoxy tunneler, BusyBox, and Thinspool utility. The most notable, Zipline, serves as a passive backdoor intercepting network traffic and providing various capabilities like file transfer, reverse shell, tunneling, and proxying. The attackers, suspected to be backed by China, have shown a consistent pattern of exploiting zero-days in Ivanti products, highlighting the need for proactive cybersecurity measures and ongoing vigilance to safeguard against such sophisticated attacks.

Reference:
  • Ivanti Connect Secure VPN Exploitation Goes Global
Tags: Cyber AlertCyber Alerts 2024Cyber RiskCyber threatIvantiJanuary 2024VolexityVulnerabilities
ADVERTISEMENT

Related Posts

Paterson & Dowding Data Breach Confirmed

Npm Packages Steal Developer Logins

October 29, 2025
Paterson & Dowding Data Breach Confirmed

Android Trojan Herodotus Outsmarts Systems

October 29, 2025
Paterson & Dowding Data Breach Confirmed

X Warns Users To Re-enroll Keys Soon

October 29, 2025
Toys R Us Canada Data Breach Alert

Fake LastPass Death Claims Breach Vaults

October 28, 2025
Toys R Us Canada Data Breach Alert

ChatGPT Atlas Browser Fooled By Fake Url

October 28, 2025
Toys R Us Canada Data Breach Alert

Chrome Zero Day Delivers LeetAgent

October 28, 2025

Latest Alerts

Npm Packages Steal Developer Logins

Android Trojan Herodotus Outsmarts Systems

X Warns Users To Re-enroll Keys Soon

Fake LastPass Death Claims Breach Vaults

ChatGPT Atlas Browser Fooled By Fake Url

Chrome Zero Day Delivers LeetAgent

Subscribe to our newsletter

    Latest Incidents

    Schneider And Emerson Hit By Oracle Hack

    M-TIBA Faces Possible Data Breach

    Paterson & Dowding Data Breach Confirmed

    Google Contractor Steals Play Files

    Vibra Hospital Data Breach Probe

    Hackers Target Swedish Power Grid

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial