Onslaught of attacks aimed at Ivanti zero-days continues

Global attacks targeting Ivanti Connect Secure VPN appliances vulnerable to both CVE-2023-46805 and CVE-2024-21887 have been underway, with 492 of 26,000 internet-exposed devices compromised with backdoors, reports Ars Technica. The U.S. accounted for the largest number of impacted VPNs, followed by Germany, South Korea, China, and Japan, a report from Censys showed. Most of the infected VPNs were found to be hosted by Microsoft's customer cloud service. The findings also showed a credential theft backdoor on 412 hosts. "Additionally, we found 22 distinct 'variants' (or unique callback methods), which could indicate multiple attackers or a single attacker evolving their tactics," said researchers.

Article Link: Onslaught of attacks aimed at Ivanti zero-days continues | SC Media