Living on the Edge: Investigating Ivanti Connect Secure VPN Zero-Day Exploits

Presented by

Matt Lin, Consultant, Incident Response, Robert Wallace, Consultant, Incident Response and John Wolfram, Sr. Threat Analyst

About this talk

Suspected espionage group, UNC5221, has launched a sophisticated cyberattack exploiting zero-day vulnerabilities recently disclosed (CVE-2023-46805 and CVE-2024-21887) by Ivanti in their Connect Secure (ICS) VPN and Policy Secure (IPS) appliances. Please join Mandiant’s John Wolfram, Matt Lin, and Robert Wallace as they shed light on this suspected espionage campaign, including:

* Technical Analysis: We'll dissect UNC5221's custom malware arsenal, including the ZIPLINE backdoor, THINSPOOL dropper, LIGHTWIRE and WIREFIRE web shells, and WARPWIRE credential harvester.
* Attacker Motivations and Tactics: Explore UNC5221's suspected espionage objectives and the strategic use of compromised edge infrastructure for command and control.
* Remediation and Defense Strategies: Learn concrete steps to mitigate these vulnerabilities, deploy Ivanti's Integrity Checker Tool (ICT), and strengthen your defenses against future zero-day attacks.

This webinar is designed for IT security professionals, network administrators, and anyone concerned about zero-day exploits and espionage campaigns.

Presenters:

* Andrew Kopcienski, Principal Analyst (Moderator)
* Matt Lin, Consultant, Incident Response
* Robert Wallace, Consultant, Incident Response
* John Wolfram, Sr. Threat Analyst

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is part of Google Cloud.