OODA Loop – Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout

siteadmin January 12, 2024

Two zero-day vulnerabilities in Ivanti Connect Secure have been exploited by threat actors, likely from China, allowing them to execute commands on the appliances. Ivanti has released mitigations, with patches due in late January. More than 7,000 vulnerable instances have been identified, mainly in the US, Japan and Europe. The attacker, UNC5221, is focused on espionage and uses a variety of malware to maintain access to compromised systems.