Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery

May 9, 2024 at 07:49AM

Two security flaws in Ivanti Connect Secure devices are being exploited by the Mirai botnet, according to Juniper Threat Labs. The vulnerabilities, CVE-2023-46805 and CVE-2024-21887, allow attackers to execute arbitrary code and deploy malware on susceptible instances. Separately, SonicWall reports a fake Windows File Explorer executable that installs a cryptocurrency miner.

Key Takeaways from the Meeting Notes:

– Two security flaws in Ivanti Connect Secure (ICS) devices, CVE-2023-46805 and CVE-2024-21887, are being exploited to deploy the Mirai botnet.
– The vulnerabilities allow an attacker to execute arbitrary code and take over susceptible instances.
– The attack chain involves exploiting CVE-2023-46805 to gain access to the “/api/v1/license/key-status/;” endpoint and injecting the payload, triggering the malware deployment through a request to “/api/v1/totp/user-backup-code/”.
– The Mirai botnet delivery highlights the evolving landscape of cyber threats and the potential for deployment of other harmful malware and ransomware.
– SonicWall revealed the discovery of a fake Windows File Explorer executable (“explorer.exe”) that installs a cryptocurrency miner, with the exact distribution vector currently unknown.
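The two endpoints named in the attack chain above are useful detection markers for anyone reviewing ICS web-server logs. The following is an added example, not code from Juniper Threat Labs, Ivanti or the article: it scans constructed, combined-log-style access lines and flags requests that touch either endpoint, distinguishing the reported bypass path (with its trailing `;`) from a plain request to the same resource. The log format, sample lines and client addresses are all assumptions made for the example.

```python
"""Flag access-log lines that touch the two Ivanti Connect Secure endpoints
named in the reported Mirai attack chain. Log format and sample lines are
constructed for this example, not taken from a real device."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Endpoints exactly as quoted in the write-up: the first is reached via the
# CVE-2023-46805 authentication bypass, the second triggers the payload
# (CVE-2024-21887). The trailing ';' is part of the reported bypass path.
SUSPICIOUS_PATHS = {
    "/api/v1/license/key-status/;": "CVE-2023-46805 (auth-bypass path)",
    "/api/v1/totp/user-backup-code/": "CVE-2024-21887 (payload trigger)",
}

# Combined-log-style line: client, timestamp, request line, status (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

@dataclass
class Hit:
    ip: str
    ts: str
    path: str
    reason: str

def classify(path: str) -> Optional[str]:
    """Return the indicator label for a request path, or None if it is not of interest."""
    for marker, label in SUSPICIOUS_PATHS.items():
        if marker in path:
            return label
    return None

def scan(lines: List[str]) -> List[Hit]:
    """Parse each log line and collect those whose path matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess at fields
        reason = classify(m["path"])
        if reason:
            hits.append(Hit(m["ip"], m["ts"], m["path"], reason))
    return hits

# Constructed sample log lines; addresses are from RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/May/2024:07:49:01 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200',
    '198.51.100.7 - - [09/May/2024:07:49:03 +0000] "GET /api/v1/license/key-status/; HTTP/1.1" 200',
    '198.51.100.7 - - [09/May/2024:07:49:04 +0000] "POST /api/v1/totp/user-backup-code/ HTTP/1.1" 200',
    '192.0.2.11 - - [09/May/2024:07:50:00 +0000] "GET /api/v1/license/key-status/ HTTP/1.1" 403',
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h.ts} {h.ip} {h.path} -> {h.reason}")
```

The fourth sample line, a request to the license endpoint without the `;`, is deliberately left unflagged so the rule keys on the reported bypass form rather than on any status check.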
