Not just espionage: what are Chinese hackers looking for in Ivanti's vulnerable products?

Volt Typhoon, TAG-87 and BRONZE SILHOUETTE are taking advantage of the abundance of bugs in foreign governments' systems.

The Cybersecurity and Infrastructure Security Agency (CISA) and several other leading international organizations have issued another warning about critical vulnerabilities in the products of the IT giant Ivanti. According to experts, these issues, tracked as CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893, are being widely exploited in attacks on government agencies around the world.

According to a report published by the Google-owned research company Mandiant, several hacking groups from China, including Volt Typhoon, are actively exploiting these flaws. Financially motivated hackers have also joined the attacks; previously, only cyber espionage campaigns had been reported.

Mandiant researchers report that in February 2024 they began tracking the actions of a group believed to be associated with Volt Typhoon. This group also overlaps with TAG-87 and BRONZE SILHOUETTE, and its activity is focused on the energy and defense sectors in the United States.

In addition to Volt Typhoon, four other Chinese groups were found exploiting the bugs after Ivanti disclosed them publicly on January 10, 2024.

Financially motivated cybercriminals mainly use CVE-2023-46805 and CVE-2024-21887 for operations such as covert cryptocurrency mining. Only one group, UNC5221, exploited CVE-2023-46805 and CVE-2024-21887 before their public disclosure.

Mandiant noted that it did not record a single case of Volt Typhoon successfully compromising Ivanti Connect Secure appliances. The group's activity began in December 2023 with attacks on Citrix NetScaler ADC; only later did it switch to Ivanti devices.

Where they succeeded, the remaining groups deployed various malware families, including TERRIBLETEA, PHANTOMNET, TONERJAM, SPAWNSNAIL and SPAWNMOLE. They often turned to Microsoft and VMware tooling to move deeper into victims' internal systems.

Patches for all three vulnerabilities are already available. The Mandiant report comes a day after Ivanti's CEO promised a number of changes to the company's operations in response to a series of high-profile incidents affecting government organizations around the world.