Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors

A China-linked cyberespionage group is actively exploiting recent Ivanti Endpoint Manager Mobile vulnerabilities to target organizations across multiple regions, including Europe and North America. These attacks focus on stealing sensitive data and gaining control of enterprise mobile devices, emphasizing the importance of prompt patching and security vigilance.

Key points

  • The vulnerabilities CVE-2025-4427 and CVE-2025-4428 allow remote code execution and authentication bypass in Ivanti EPMM.
  • These flaws were patched on May 13, but threat actors began exploiting them immediately afterward.
  • The China-linked group UNC5221 has been detected using these vulnerabilities for cyberespionage and data exfiltration campaigns.
  • Attacks target critical sectors such as defense, finance, healthcare, and telecommunications worldwide.
  • Malicious tools like FRP and KrustyLoader are used to maintain persistent access and deploy backdoors in compromised systems.

Read More: https://www.securityweek.com/chinese-spies-exploit-ivanti-vulnerabilities-against-critical-sectors/