home.social

#unc4841 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #unc4841, aggregated by home.social.

  1. Our team at Mandiant just released details on 🇨🇳 #UNC5325, who exploited CVE-2024-21893 and CVE-2024-21887 to deploy novel malware in an attempt to remain embedded in compromised #ivanti appliances even through factory resets, system upgrades, and patches.

    Notably, we identified TTP and malware code overlaps with the advanced China-nexus espionage group #UNC3886 who exploited CVE-2023-34048 in VMware as far back as late 2021.

    Similar to #UNC4841's familiarity with Barracuda ESGs, UNC5325 demonstrates significant knowledge of the Ivanti Connect Secure appliance as seen in both the malware they used and the attempts to persist across factory resets.

    mandiant.com/resources/blog/in

  2. #Barracuda thought it drove 0-day #hackers out of customers’ networks. It was wrong. | #ArsTechnica

    "Knowing their most valued victims would install the Barracuda fixes within a matter of days, the hackers, tracked as #UNC4841, swept in and mobilized #DepthCharge to ensure that newly deployed appliances replacing old, infected ones would reinfect themselves. The well-orchestrated counterattacks speak to the financial resources of the hackers, not to mention their skill and the effectiveness of their TTPs, short for tactics, techniques, and procedures."

    arstechnica.com/security/2023/

  3. Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong.

    In late May, r... - arstechnica.com/?p=1964217 #emailsecuritygateway #barracuda #features #security #hacking #unc4841 #biz #esg