China’s UNC5337 Exploits a Critical RCE Vulnerability in Ivanti, Once More


Chinese Threat Actor Targets Ivanti Remote Access Devices: A Year of Vulnerabilities and Exploits

Ivanti Under Siege: Chinese Threat Actor Exploits Vulnerabilities Once Again

In a troubling resurgence, a Chinese threat actor, identified as UNC5337, is once again targeting Ivanti remote access devices, exploiting newly discovered critical vulnerabilities. This follows a year marked by a barrage of significant security issues affecting Ivanti’s products, including authentication bypasses and SQL injection flaws.

This latest series of breaches hinges on vulnerabilities in Ivanti’s Connect Secure (ICS) and Policy Secure gateways, with the most severe, rated critical on the Common Vulnerability Scoring System (CVSS), allowing unauthorized code execution. Although Ivanti had pledged to prioritize secure engineering following last year’s issues, the group has already begun exploiting these new flaws, raising alarms in cybersecurity circles.

“UNC5337’s techniques highlight how sophisticated these attacks are,” notes Arctic Wolf CISO Adam Marrè. The group’s notable use of the "Spawn" malware family, which has been observed in previous exploits, underscores their expertise in infiltrating Ivanti’s systems. Tools like SpawnAnt and SpawnSnail enable extensive control and surveillance once a system is compromised.

Researchers at Mandiant warn that over 2,000 instances of ICS devices could be vulnerable globally, particularly in the US, France, and Spain. Ivanti, responding to the severity of the threat, is urging customers to apply the available patches immediately and to use its built-in Integrity Checker Tool to scan devices for signs of compromise.

While cybersecurity leaders emphasize the need for timely updates to mitigate such risks, the task is not without its challenges. Administrators face tough decisions regarding potential downtime versus the urgency of patching systems—a dilemma that could further strain an already beleaguered IT environment.

As the threat escalates, vigilance and prompt action become paramount for organizations reliant on Ivanti solutions.
