#KrustyLoader

Chinese Hackers Exploiting VPN Flaws to Deploy KrustyLoader Malware

by

January 31, 2024 at 02:36AM Two zero-day flaws in Ivanti Connect Secure (ICS) VPN have been exploited to distribute the Rust-based KrustyLoader and the Sliver adversary simulation tool. Identified as CVE-2023-46805 and CVE-2024-21887, the flaws allow unauthenticated remote code execution with delayed patches. The vulnerabilities have been utilized by threat actors and other adversaries. Key … Read more

Ivanti Zero-Day Patches Delayed as ‘KrustyLoader’ Attacks Mount

by

January 30, 2024 at 06:27PM Attacks are exploiting zero-day vulnerabilities in Ivanti VPNs allowing remote code execution and authentication bypass. Rust-based backdoors are being deployed, downloading a backdoor malware, “KrustyLoader.” Chinese state-sponsored APT actors are exploiting these bugs worldwide. Patches for the vulnerabilities (CVE-2024-21887 and CVE-2023-46805) have been delayed, with Ivanti targeting a release this … Read more