Summary: A newly discovered vulnerability in Ivanti’s Connect Secure VPN is being exploited by China-based espionage threat actors, prompting urgent action from U.S. cybersecurity agencies. Mandiant’s analysis highlights the ongoing risks and the potential for widespread exploitation of this vulnerability.
Threat Actor: UNC5221
Victim: Ivanti
Key Points:
- Mandiant identified exploitation of CVE-2025-0282 by Chinese hackers, and linked the activity to previous attacks on Ivanti products.
- The Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to patch the vulnerability by January 15.
- New malware families DRYHOOK and PHASEJAM were discovered in conjunction with the attacks, alongside previously known malware SPAWN.
- Ivanti’s Integrity Checker Tool (ICT) has been effective in identifying compromises, but hackers attempted to bypass its detection methods.
- Ongoing investigations reveal the hackers’ efforts to steal sensitive data, including VPN session information and credentials.
Source: https://therecord.media/china-espionage-ivanti-vulnerabilities-mandiant