Living on the Edge: Investigating Ivanti Connect Secure VPN Zero-Day Exploits
Presenters: Matt Lin, Consultant, Incident Response; Robert Wallace, Consultant, Incident Response; and John Wolfram, Sr. Threat Analyst
Date and Time: On Demand
Abstract:
A suspected espionage group, UNC5221, has launched a sophisticated cyberattack exploiting zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) recently disclosed by Ivanti in its Connect Secure (ICS) VPN and Policy Secure (IPS) appliances.
Please join Mandiant’s John Wolfram, Matt Lin, and Robert Wallace as they shed light on this suspected espionage campaign, including:
* Technical Analysis: We'll dissect UNC5221's custom malware arsenal, including the ZIPLINE backdoor, THINSPOOL dropper, LIGHTWIRE and WIREFIRE web shells, and WARPWIRE credential harvester.
* Attacker Motivations and Tactics: Explore UNC5221's suspected espionage objectives and the strategic use of compromised edge infrastructure for command and control.
* Remediation and Defense Strategies: Learn concrete steps to mitigate these vulnerabilities, deploy Ivanti's Integrity Checker Tool (ICT), and strengthen your defenses against future zero-day attacks.
This webinar is designed for IT security professionals, network administrators, and anyone concerned about zero-day exploits and espionage campaigns.