Ivanti Zero-Day Patches Delayed due to KrustyLoader Attacks Escalating

A pair of critical zero-day vulnerabilities in Ivanti VPNs are being used by attackers to deploy a Rust-based set of backdoors and download a backdoor malware called “KrustyLoader.” The two bugs, which were disclosed earlier in January, allow unauthenticated remote code execution (RCE) and authentication bypass, respectively, affecting Ivanti’s Connect Secure VPN gear. Neither of the vulnerabilities has patches yet.

It has been reported that both zero-day vulnerabilities were already under active exploitation in the wild, and that Chinese state-sponsored advanced persistent threat (APT) actors (UNC5221, aka UTA0178) were quick to exploit the bugs after their public disclosure, mounting mass exploitation attempts worldwide. According to Volexity’s analysis of the attacks, 12 separate but nearly identical Rust payloads were uncovered being downloaded to compromised appliances; these in turn download and execute a variant of the Sliver red-teaming tool, known as KrustyLoader.

Théo Letailleur, a Synacktiv researcher, referred to the open-source adversary simulation tool “Sliver 11” and noted its increasing popularity among threat actors, as it provides a practical command-and-control framework. Letailleur mentioned that the rejiggered Sliver implant acts as a stealthy and easily controlled backdoor. Furthermore, Letailleur stated that KrustyLoader was developed in Rust, which makes it harder to obtain a good overview of its behavior.

As for the patches for CVE-2024-21887 and CVE-2023-46805 in Connect Secure VPNs, they are delayed. Ivanti had promised them on Jan. 22, prompting a CISA alert, but they failed to materialize. In the latest update to its advisory on the bugs, published Jan. 26, the firm noted that “The targeted release of patches for supported versions is delayed, this delay impacts all subsequent planned patch releases … Patches for supported versions will still be released on a staggered schedule.” Ivanti said it is targeting this week for the fixes, but it also noted that “the timing of patch release is subject to change as we prioritize the security and quality of each release.” It has been 20 days since the vulnerabilities’ disclosure, and the patches are yet to be implemented.

In conclusion, the exploitation of the zero-day vulnerabilities in Ivanti VPNs has become a cause for concern, especially with the swift adoption of these bugs by Chinese state-sponsored APT actors. The delayed release of patches only exacerbates the situation, leaving organizations that use Ivanti’s Connect Secure VPN gear vulnerable to potential attacks. It is imperative for Ivanti to expedite the release of patches to mitigate the risk and ensure the security of its customers’ networks.
