Researchers warn the previously unknown actor has developed custom malware designed to maintain persistent access on targeted networks and evade detection.
The threat actor behind the monthlong exploitation of Ivanti Connect Secure VPN
is conducting an espionage campaign using custom malware
with the goal of maintaining continued access to the appliances, according to
research released Thursday by Google Cloud’s Mandiant unit.
Multiple suspected APT actors have used similar methods with appliance-specific malware in order to engage in post-exploitation threat activity and evade detection. However, Mandiant researchers said,
at the moment, this exact activity is not linked to a known actor and they don’t have enough information yet to pinpoint the origin.
more
