Five distinct malware families have been used by suspected nation-state actors to exploit two zero-day vulnerabilities in Ivanti Connect Secure VPN appliances. Mandiant, the Google-owned threat intelligence firm, is tracking the threat actor as UNC5221. Volexity suspects that a Chinese espionage actor, UTA0178, could be behind the activity. Ivanti reported that fewer than ten customers were affected, suggesting a highly targeted campaign. UNC5221 remains unconnected to any known group or country.


