Suspected Chinese state-sponsored hackers who have been leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of the appliance”, according to Mandiant incident responders and threat hunters. They were able to perform a number of modifications on the device and deploy specialized malware and plugins aimed at achieving persistence across system upgrades, patches, and factory resets. “While the limited attempts observed to maintain persistence have not been … More

The post State-sponsored hackers know enterprise VPN appliances inside out appeared first on Help Net Security.