#unc5325 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #unc5325, aggregated by home.social.
-
"⚔️ Cutting Edge Cyber Espionage: Ivanti Zero-Days Under Siege by UNC5325 ⚔️"
#Mandiant & #Ivanti's latest investigation unveils a sophisticated cyber-espionage campaign targeting Ivanti Connect Secure VPN appliances. #UNC5325, a China-nexus group, exploited a series of zero-day vulnerabilities, including CVE-2024-21893, to deploy novel malware and evade detection. Despite efforts, their persistence mechanisms faltered due to encryption key mismatches. 🛡️🔐
A new Integrity Checking Tool (ICT) is available for Ivanti customers, emphasizing the urgency of updating and patching network appliances. The exploitation showcases advanced techniques, including LotL and custom malware like LITTLELAMB.WOOLTEA, highlighting the importance of robust cyber defenses.
Ivanti disclosed five critical vulnerabilities, with #CVE-2024-21893 and #CVE-2024-22024 posing significant risks. The SSRF and XXE vulnerabilities enable attackers to bypass security measures and access restricted resources, underscoring the need for immediate remediation.
Attribution to #UNC5325 ties this campaign to China, with tactics, techniques, and malware indicating a high level of sophistication. This operation's breadth and depth signal a continued threat from state-sponsored actors against critical network infrastructure.
Let's ensure our defenses are updated and vigilant against these evolving threats. #CyberSecurity #Ivanti #ZeroDay #APT #UNC5325 #CVE2024 Mitre - UNC5325 #UNC3886
Source: Mandiant Team - Investigating Ivanti Exploitation & Persistence
-
Our team at Mandiant just released details on 🇨🇳 #UNC5325, who exploited CVE-2024-21893 and CVE-2024-21887 to deploy novel malware in an attempt to remain embedded in compromised #ivanti appliances even through factory resets, system upgrades, and patches.
Notably, we identified TTP and malware code overlaps with the advanced China-nexus espionage group #UNC3886, who exploited CVE-2023-34048 in VMware as far back as late 2021.
Similar to #UNC4841's familiarity with Barracuda ESGs, UNC5325 demonstrates significant knowledge of the Ivanti Connect Secure appliance, as seen in both the malware they used and the attempts to persist across factory resets.
https://www.mandiant.com/resources/blog/investigating-ivanti-exploitation-persistence