KEY TAKEAWAYS Russian APT GruesomeLarch deployed a new attack technique leveraging Wi-Fi networks in close proximity to the intended target. The threat actor primarily leveraged living-off-the-land techniques. A zero-day privilege escalation was used to further gain access. Ukrainian-related work and projects were targeted in this attack, just ahead of Russian Invasion of Ukraine. In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that le...| Volexity
KEY TAKEAWAYS Russian APT GruesomeLarch deployed a new attack technique leveraging Wi-Fi networks in close proximity to the intended target. The threat actor primarily leveraged living-off-the-land techniques. A zero-day privilege escalation was used to further gain access. Ukrainian-related work and projects were targeted in this attack, just ahead of Russian Invasion of Ukraine. In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that le...| Volexity
On January 15, 2024, Volexity detailed widespread exploitation of Ivanti Connect Secure VPN vulnerabilities CVE-2024-21887 and CVE-2023-46805. In that blog post, Volexity detailed broader scanning and exploitation by threat actors using still non-public exploits to compromise numerous devices. Subsequently, Volexity has observed an increase in attacks from various threat actors against Ivanti Connect Secure VPN appliances beginning the same day.| Volexity
Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN appliances. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. However, a mitigation does not remedy a past or ongoing compromise. Systems should simultaneously be thoroughly analyzed per details in this post to look for signs of a breach.| Volexity
On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA0178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these vulnerabilities. Since publication of these details, Volexity has continued to monitor its existing customers for exploitation. Volexity has also been contacted by m...| Volexity
