Ivanti Connect Secure VPN Exploitation Goes Global

Volexity reports active and widespread exploitation of two chained zero-day vulnerabilities in Ivanti Connect Secure VPN appliances (CVE-2024-21887 and CVE-2023-46805), resulting in the deployment of a variant of the GIFTEDVISITOR webshell on more than 1,700 globally distributed devices across governments, telecoms, defense, finance and large enterprises; the activity is attributed with medium confidence to UTA0178, other actors have been observed attempting exploitation, and Volexity urges immediate application of Ivanti mitigations and integrity checks.