Hot off the press! Mandiant published another Ivanti Connect Secure VPN exploitation blog post outlining additional TTPs and observations for UNC5325, a suspected Chinese cyber espionage operator.
🔗 https://www.mandiant.com/resources/blog/investigating-ivanti-exploitation-persistence

cc: @campuscodi @iagox86 @brett

#cyberespionage #IOC #TTPs #UNC5325 #China #Ivanti #ConnectSecure #vulnerability #zeroday #eitw #activeexploitation #UTA0178 #UNC5221 #CVE_2023_46805 #CVE_2024_21887 #KEV #KnownExploitedVulnerabilitiesCatalog #CISA #CVE_2024_21888 #UNC5325