Ivanti Connect Secure Zero-Days Actively Exploited

NJCCIC Advisory

Original Release Date: 1/18/2024

Summary

Threat actors identified as UTA0178 are actively targeting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. Volexity researchers discovered that at least 1,700 devices worldwide have been compromised with the GIFTEDVISITOR webshell backdoor variant. Initially, the attacks were highly targeted and included global government and military departments, national telecommunications companies, defense contractors, and aerospace, engineering, and technology organizations; however, indiscriminate exploitation is now widespread. Mandiant has also analyzed the attacks and attributes the activity to a threat actor tracked as UNC5221, with the intent to conduct espionage. Patches are expected to be released on a staggered schedule beginning the week of January 22. Mitigations, workarounds, and recommendations can be found in the Ivanti article.

New Jersey Cybersecurity & Communications Integration Cell
