Hackers exploit flaws in Ivanti VPN to distribute KrustyLoader malware

January 31, 2024 | Pressroom | Cyber attack / network security


A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) appliances have been exploited to deliver a Rust-based payload called KrustyLoader, which is used to drop the open-source Sliver adversary simulation tool.

The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), can be chained to achieve unauthenticated remote code execution on susceptible devices.

As of January 26, patches for the two flaws had been delayed, although the software company had released a temporary mitigation in the form of an XML file.


Volexity, which first shed light on the flaws, said they have been weaponized as zero-days since December 3, 2023 by a Chinese nation-state threat actor it tracks as UTA0178. Google-owned Mandiant tracks the same group under the name UNC5221.

Following public disclosure earlier this month, the vulnerabilities have been widely exploited by other adversaries to deploy XMRig cryptocurrency miners and Rust-based malware.

Synacktiv’s analysis of the Rust malware, code-named KrustyLoader, revealed that it functions as a loader to download Sliver from a remote server and run it on the compromised host.

[Image credit: Recorded Future]

Sliver, developed by cybersecurity firm Bishop Fox, is a Golang-based cross-platform post-exploitation framework that has emerged as a lucrative option for threat actors compared to other well-known alternatives such as Cobalt Strike.


That said, Cobalt Strike continues to be the top offensive security tool observed across attacker-controlled infrastructure in 2023, followed by Viper and Meterpreter, according to a report published by Recorded Future earlier this month.

“Both Havoc and Mythic have become relatively popular, but are still seen in much lower numbers than Cobalt Strike, Meterpreter or Viper,” the company said. “Four other well-known frameworks are Sliver, Havoc, Brute Ratel (BRc4), and Mythic.”
