Cloud Threat Landscape

Incidents
Actors
Techniques
Defenses
ABC Poster
Periodic Table
Tools
Targeted Technologies
About
RSS
STIX
Back to wiz.io

Cloud Threat Landscape

Ivanti Connect Secure targeting campaign

Type

Campaign

Actors

Pub. date

January 10, 2024

Initial access

0-day vulnerability

Impact

Unknown

Observed tools

PySoxy LIGHTWIRE THINSPOOL WARPWIRE WIREFIRE enum4Linux ZIPLINE BUSHWALK CHAINLINE FRAMESTING Impacket CrackMapExec iodine DSLog

Targeted technologies

Ivanti Connect Secure VPN

References

https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gatewayshttps://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-dayhttps://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitationhttps://quointelligence.eu/2024/01/unc5221-unreported-and-undetected-wirefire-web-shell-variant/https://www.synacktiv.com/publications/krustyloader-rust-malware-linked-to-ivanti-connectsecure-compromiseshttps://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/https://www.orangecyberdefense.com/global/blog/research/ivanti-connect-secure-journey-to-the-core-of-the-dslog-backdoorhttps://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise

Status

Stub

Last edited

Jun 2, 2024 8:02 AM

Made with 💙 by Wiz

Last Updated: April 3, 2025

	
		OSZAR »