Mandiant researchers have found that zero-day attacks exploiting a vulnerability in Ivanti Connect Secure (ICS) were first spotted in mid-December 2024. The attacks appear to originate from the China-linked espionage actors UNC5337 and UNC5221. The attackers exploited ICS and used malware to gain access to organizational networks. To mitigate the problem, Ivanti recommends that customers use monitoring tools in conjunction with its Integrity Checker Tool, and that affected appliances be factory reset before a fixed version is installed.
