Key Takeaways
- Hackers continue abusing multiple vulnerabilities in Ivanti products, which were discovered and patched early this year.
- Cybersecurity researchers from Google-owned Mandiant warned that the Chinese-backed hacking collective Volt Typhoon is among the groups involved, reporting “multiple clusters of activity” surrounding CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893.
- Government agencies, small and medium-sized businesses (SMB), and enterprises were all victims of the sharp increase in attacks, with a majority in aerospace, banking, defense, and government.
- Multiple hacking groups, including Volt Typhoon, UNC5221, UNC5266, UNC5330, and UNC5337, were active, with Mandiant identifying financially motivated actors exploiting vulnerabilities likely to enable operations such as crypto-mining.
- Mandiant says there is no evidence Volt Typhoon successfully breached anyone’s Connect Secure instances.
News Content
Hackers are still exploiting multiple vulnerabilities in Ivanti products, targeting Connect Secure and Policy Secure gateways, which were discovered and patched earlier this year. According to cybersecurity researchers, the infamous Chinese-backed hacking group Volt Typhoon is among the groups abusing these flaws, with activity clustered around specific CVEs. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned government agencies to promptly patch these vulnerabilities, as they are being widely exploited, particularly by Chinese-sponsored actors, with an increase in attacks observed after January 11.
In addition to Volt Typhoon, other groups - UNC5221, UNC5266, UNC5330, and UNC5337 - have also been active. Mandiant, a Google-owned cybersecurity firm, has identified financially motivated actors exploiting the vulnerabilities, likely for operations such as crypto-mining. While there is no evidence of successful breaches by Volt Typhoon, various malware variants have been deployed where other attackers have been successful. These findings have implications for various sectors, including aerospace, banking, defense, and government, in which numerous entities have fallen victim to these attacks.
Analysis
The recent exploitation of vulnerabilities in Ivanti products has been attributed to various hacking groups, including the Chinese-backed Volt Typhoon. The immediate consequence is an increased threat to government agencies and to sectors such as aerospace, banking, and defense, where a breach can lead to data compromise and financial loss. In the long term, this could lead to increased investment in cybersecurity measures and heightened awareness of such vulnerabilities. The involvement of financially motivated actors also hints at potential future crypto-mining operations. Raising awareness and promptly patching vulnerabilities are essential short-term strategies, while long-term solutions may involve stricter cybersecurity regulations and improved threat detection mechanisms.
Do You Know?
- Ivanti Products: These are software products developed by the company Ivanti, used for IT asset management, endpoint security, and other IT-related tasks. Vulnerabilities in these products are being exploited by hackers, making organizations that run them susceptible to cyber attacks.
- Connect Secure and Policy Secure Gateways: These are the specific Ivanti products being targeted by hackers. They serve as access points to networks and can be exploited if not properly secured and patched, allowing unauthorized access and potential data breaches.
- CVEs (Common Vulnerabilities and Exposures): CVEs are unique identifiers assigned to publicly known cybersecurity vulnerabilities. The specific CVEs referenced in the article (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893) identify the particular vulnerabilities being exploited by hackers targeting Ivanti products.