The National Security Agency has noted that organizations in the U.S. defense industry were targeted by intrusions leveraging vulnerabilities in Ivanti Connect Secure VPN appliances, TechCrunch reports.
The attacks, which were observed amid the ongoing monitoring of widespread Ivanti VPN compromise, are being mitigated by the NSA's Cybersecurity Collaboration Center, according to NSA spokesperson Edward Bennett. The development comes days after Mandiant reported that Chinese state-sponsored hacking operation UNC5325 had attempted a massive hacking campaign using the Ivanti VPN flaws to compromise the U.S. defense industrial base and organizations across various sectors. UNC5325 has used new malware to ensure root-level persistence on impacted devices even following remediation efforts, the Mandiant report said. Such persistence was also noted in an advisory from the Cybersecurity and Infrastructure Security Agency, although Ivanti has downplayed the findings. Ivanti “is not aware of any instances of successful threat actor persistence following implementation of the security updates and factory resets recommended by Ivanti,” said Ivanti Field Chief Information Security Officer Mike Riemer.