Mar 1, 2024 - Technology

Hackers find new ways to keep targeting Ivanti


Illustration: Aïda Amer/Axios

The U.S., the U.K., Canada, Australia and New Zealand warned Thursday that hackers have continued to find ways to exploit security flaws in widely used Ivanti products.

Why it matters: In their espionage campaigns, suspected Chinese hackers have been targeting Ivanti's flaws.

  • Google-owned Mandiant said in research released this week that the specific group leveraging these flaws is known to target defense contractors and technology and telecommunications organizations.

What's inside: Ivanti has released patches for these flaws. The Five Eyes alliance said Thursday that hackers have now found a way to trick the company's old tool that detects intrusions.

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) found, based on independent research in a lab environment, that the hackers can maintain access inside a victim's network even after the victim resets Ivanti's products to factory settings, according to the advisory.

Catch up quick: Ivanti first warned of the high-severity flaws in its Connect Secure and Policy Secure VPNs nearly two months ago — and the new advisory suggests companies are still struggling to patch.

The other side: Ivanti released a new version of its integrity checking tool Thursday to help detect intruders.

  • Ivanti also said that CISA's new technical findings had not "been seen in the wild" and are not "believed to be possible in a live customer environment."

The big picture: The security flaws give hackers the ability to remotely access a network without a username or password and navigate around a victim's network.

  • Ivanti has more than 40,000 total customers, and hackers were exploiting these flaws for at least a month before Ivanti discovered them.

Between the lines: China's espionage-focused hacking teams, in particular, have become a lot stealthier and more difficult to detect.

The bottom line: The Five Eyes alliance is now recommending that network defenders apply Ivanti's software patches if they haven't already and use new details in the advisory to hunt for any adversaries already lurking on their networks.

Editor's note: This story has been corrected to show that hackers had found ways into Ivanti's old tool, not its most recent tool, and to point out that CISA found that hackers can maintain access inside a victim's network, according to research in a lab environment and not seen in the wild.
