• US defense sector under attack from China-backed hackers, with N

    From TechnologyDaily@1337:1/100 to All on Mon Mar 4 17:00:06 2024
    US defense sector under attack from China-backed hackers, with NSA
    confirming Ivanti exploits are to blame

    Date:
    Mon, 04 Mar 2024 16:56:02 +0000

    Description:
    Ivanti Connect Secure vulnerabilities are being exploited by China-backed hackers, and they can even persist after a factory reset

    FULL STORY ======================================================================

    The Ivanti enterprise VPN application is being exploited by hackers to target the US defense sector, the US National Security Agency has confirmed.

    The US defense sector provides equipment and technology for the US military, which makes a potential compromise by China-backed groups significantly concerning.

    Speaking to TechCrunch, NSA spokesperson Edward Bennett said that the agency is "tracking and aware of the broad impact from the recent exploitation of Ivanti products, to include of the [sic] U.S defense sector."

    250,000 exploitation attempts every day

    Prior to the NSA confirmation, Mandiant stated that a China-backed group tracked as UNC5325 was actively exploiting Ivanti Connect Secure software to infiltrate thousands of organizations around the globe. The vulnerabilities in question are tracked as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893.

    The UNC5325 group conducts complex attacks and uses techniques such as living-off-the-land to remain incognito when infiltrating the target organizations. The US Cybersecurity & Infrastructure Security Agency (CISA) released an advisory that stated that the group is able to remain active within compromised devices even after a factory reset.

    It is also possible to fool the built-in Ivanti Integrity Checker Tool during an attack, leading to the tool's failure to detect compromise, according to CISA's own tests. Furthermore, a report published by Akamai says that the UNC5325 group could be conducting as many as 250,000 attacks every day across a range of more than 1,000 customers.

    Ivanti field CISO Mike Riemer told TechCrunch the company is not aware of any instances of successful threat actor persistence following implementation of the security updates and factory resets recommended by Ivanti.

    The attacks have been taking place since as early as January 2024, but the Biden Administration has been taking steps to boost national security by improving cybersecurity at ports and pressuring companies to move towards memory-safe programming languages.




    ======================================================================
    Link to news story: https://www.techradar.com/pro/us-defense-sector-under-under-attack-china-backed-hackers-with-nsa-confirming-ivanti-exploits-are-to-blame


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)