Advanced Cybercriminals Rapidly Diversify Cyberattack Channels Following Public Vulnerability Disclosure

ID: 5951b0e7-4620-58ab-be89-31f70077427b

STIX ID: report--5951b0e7-4620-58ab-be89-31f70077427b

Feed Name: EclecticIQ

Threat Score: 85/100

Date Published: 2024-02-15

Date Updated: 2026-04-27

Author: Aleksander W. Jarosz

EclecticIQ analysts report active exploitation of multiple high-severity Ivanti vulnerabilities, with CVSS scores up to 9.1. They describe attacker TTPs such as backdooring compcheckresult.cgi to install webshells, and provide IOCs (two file hashes, multiple malicious IPs, and the C2 domain symantke.com) that link the activity to both commodity cybercriminal toolsets (Cobalt Strike) and GH0STRAT/ghost RAT artifacts. They assess that a mix of opportunistic cybercriminals and APTs is leveraging both old and new infrastructure, warn that ransomware actors are likely to adopt these exploits, and recommend layered network-edge defenses.
