A suspected espionage group, UNC5221, has launched a sophisticated cyberattack exploiting zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) recently disclosed by Ivanti in its Connect Secure (ICS) VPN and Policy Secure (IPS) appliances.
Please join Mandiant’s John Wolfram, Matt Lin, and Robert Wallace as they shed light on this suspected espionage campaign, including:
* Technical Analysis: We'll dissect UNC5221's custom malware arsenal, including the ZIPLINE backdoor, THINSPOOL dropper, LIGHTWIRE and WIREFIRE web shells, and WARPWIRE credential harvester.
* Attacker Motivations and Tactics: Explore UNC5221's suspected espionage objectives and the strategic use of compromised edge infrastructure for command and control.
* Remediation and Defense Strategies: Learn concrete steps to mitigate these vulnerabilities, deploy Ivanti's Integrity Checker Tool (ICT), and strengthen your defenses against future zero-day attacks.
This webinar is designed for IT security professionals, network administrators, and anyone concerned about zero-day exploits and espionage campaigns.
Presenters:
Andrew Kopcienski, Principal Analyst (Moderator)
Matt Lin, Consultant, Incident Response
Robert Wallace, Consultant, Incident Response
John Wolfram, Sr. Threat Analyst