The Download
MITRE, the organization that publishes the definitive guide to adversary tactics and techniques (MITRE ATT&CK), is the latest publicly acknowledged victim of Ivanti vulnerabilities. MITRE says it was breached in January through Ivanti zero-days in the Connect Secure VPN product.
In January, CISA issued its first emergency directive of the year to Federal agencies requiring them to patch the Ivanti vulnerabilities or to disable the service. CISA later acknowledged that its own critical infrastructure servers were breached through the vulnerabilities.
Google's Mandiant has traced the attacks to a threat actor named UNC5221, which is linked to the Chinese government. Security research firm Volexity claims Chinese hackers have compromised over 2100 networks through the Connect Secure vulnerabilities.
What You Can Do
We have extensively covered the Ivanti Connect Secure vulnerabilities in other blogs. In addition, we have seen vulnerabilities in other security companies' VPN products including Fortinet, Cisco, and most recently Palo Alto Networks compromised by sophisticated attackers.
Clearly, remote access is a target for sophisticated adversaries because it gives unfettered access to networks. Understanding this attack surface and ensuring you are patched against known vulnerabilities is critical to your network security.
To Learn More: