Investigations Into Zero-Day Exploitation of the Ivanti Connect Secure Appliances

Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances. John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following the disclosure and widespread exploitation by a range of threat actors. They also discuss the role a suspected Volt Typhoon cluster played into the follow-on exploitation, and share their thoughts on what else we might see from China-nexus zero-day exploitation of edge infrastructure this year.

Listen to the podcast, and don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts. Follow John on X at  @Big_Bad_W0lf_, and follow Tyler on X at @tylabs. For more, check out our Cutting Edge blog series:

• Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation
• Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation
• Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts
• Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies