China-Nexus APT Exploits Ivanti Connect Secure VPN in Global Cyber Espionage Campaign

Summary: A recent TeamT5 report reveals a widespread cyber espionage campaign targeting Ivanti Connect Secure VPN appliances, attributed to a China-linked Advanced Persistent Threat (APT) group. This campaign exploits critical vulnerabilities, affecting a range of organizations across twelve countries and multiple industries. TeamT5 warns that attack attempts have destabilized VPN appliances, suggesting multiple threat actors might be involved.

Affected: Ivanti Connect Secure VPN appliances

Key points:

  • Cyber espionage campaign linked to a China-nexus APT group exploiting critical vulnerabilities in Ivanti VPN appliances.
  • Victims include organizations in sectors such as Automotive, Chemical, Government, Financial Institutions, and Telecommunications across twelve countries.
  • Successful exploitation of vulnerabilities (CVE-2025-0282 and CVE-2025-22457) allows for remote code execution and potential malware implantation.
  • The SPAWNCHIMERA malware toolkit was used, with capabilities including an SSH backdoor, a SOCKS5 tunneler, and a log wiper.
  • Threat actors leverage advanced tactics that make malicious activity within networks difficult to detect.

Source: https://securityonline.info/china-nexus-apt-exploits-ivanti-connect-secure-vpn-in-global-cyber-espionage-campaign/