Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure

January 11, 2024 at 04:01AM

A pair of zero-day flaws in Ivanti Connect Secure (ICS) and Policy Secure have been exploited by suspected China-linked nation-state actors to breach fewer than 10 customers. Cybersecurity firm Volexity identified the activity and attributed it to a hacking group it tracks under the name UTA0178. Patches are expected to be released starting from the week of January 22, 2024.

Key Takeaways:
– A pair of zero-day vulnerabilities in Ivanti Connect Secure (ICS) and Policy Secure have been exploited by suspected China-linked nation-state actors, leading to breaches in fewer than 10 customers.
– Cybersecurity firm Volexity identified the activity on the network of one of its customers in December 2023 and attributed it to a group tracked as UTA0178.
– The vulnerabilities (CVE-2023-46805 and CVE-2024-21887) allow for unauthenticated command execution, granting threat actors remote access to affected systems.
– Ivanti is planning to release patches in a staggered manner, starting from the week of January 22, 2024, and has recommended that users apply workarounds in the interim.
– The attack involved manipulation of Ivanti’s internal integrity checker, theft of configuration data, modification of files, keystroke logging, and exfiltration of credentials.
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerabilities to its Known Exploited Vulnerabilities catalog and urged federal agencies to apply fixes by January 31, 2024.
