Five distinct malware families have been used by suspected nation-state actors to exploit two zero-day vulnerabilities in Ivanti Connect Secure VPN appliances. Mandiant, the Google-owned threat intelligence firm, is tracking the threat actor as UNC5221. Volexity suspects a Chinese espionage actor, UTA0178, could be behind the activity. Ivanti reported that fewer than ten customers were affected, suggesting a highly targeted campaign. UNC5221 remains unconnected to any known group or country.
macOS Malware Poses as Unarchiver App to Steal User Data
Well, cyber friends! You won’t believe what we just uncovered on our daily hunt for all things security-related here at the Bay Area cyberhawks HQ.