#cve_2023_46805 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cve_2023_46805, aggregated by home.social.
-
MITRE disclosed that one of their research and development networks was compromised by a foreign nation-state threat actor in January 2024 using Ivanti Connect Secure zero-days CVE-2023-46805 and CVE-2024-21887. Networked Experimentation, Research, and Virtualization Environment (NERVE) is a collaborative network used for research, development, and prototyping. MITRE included a timeline, observed TTP methods (mapped out to MITRE ATT&CK techniques cc: @howelloneill) and their incident response actions. No IOC provided. 🔗 https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks and https://medium.com/mitre-engenuity/advanced-cyber-threats-impact-even-the-most-prepared-56444e980dc8 h/t @reverseics
#MITRE #Ivanti #ConnectSecure #CVE_2023_46805 #CVE_2024_21887 #threatintel #cyberespionage
-
I buried the lede in not mentioning that UNC5291 is assessed with medium confidence to be associated with Volt Typhoon, a Chinese state-sponsored Advanced Persistent Threat (APT). See related The Record reporting: Volt Typhoon and 4 other groups targeting US energy and defense sectors through Ivanti bugs
#Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291
-
Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at https://cloud.google.com/blog/topics/threat-intelligence/
#Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291
-
We're still discovering further ramifications to #Ivanti's #PulseSecure vulnerabilities (#CVE_2023_46805 & #CVE_2024_21887). In February, we identified two new backdoors: #SparkCockpit & #SparkTar. Both backdoors employ selective interception of TLS communication, offer multiple degrees of persistence and access possibilities into the victim network (e.g., traffic tunneling through SOCKS proxy).
👀 Analysis & detection rules at https://blog.nviso.eu/2024/03/01/covert-tls-n-day-backdoors-sparkcockpit-sparktar/
The findings of our investigation have been independently corroborated by the research performed by Mandiant and have partially been observed by Fortinet.