TOP 3 video game releases of the week – Start of FEBRUARY 2024! 🎮
VPN users should be on guard against a new threat that compromises online security. Recently, attackers exploited two critical vulnerabilities, CVE-2023-46805 and CVE-2024-21887, to spread malware on VPN devices, including those from Ivanti Connect Secure (ICS). These vulnerabilities therefore jeopardize user confidentiality.
The discovery of these flaws comes from the security company Volexity, which identified a campaign orchestrated by the Chinese pirate group UTA0178 or UNC5221. These attackers have been actively exploiting the flaws since December 3, 2023, and spreading a formidable malware called KrustyLoader, designed in Rust.
To read: Alert! Find out why VPNs don’t fully protect your anonymity online! You won’t believe what you’re about to read…
KrustyLoader: An infiltrating threat
KrustyLoaderthis insidious malware, establishes a connection with a remote server to download another malware called Sliver. The latter, an open source post-exploitation framework developed by BishopFox. Sliver can perform various malicious actions such as
- Data theft
- Order fulfillment
- Downloading files
The extent of the threat
Sliver is proving to be a growing alternative to tools such as Cobalt Strike, Viper, and Meterpreter, often used by cybercriminals. Cobalt Strike remains the preferred tool of attackers. But Recorded Future points out that Sliver, alongside Havoc, Brute Ratel, and Mythic, is gaining popularity among threat actors.
Also discover: Protect your home online: why a VPN is useful in 2024?
Although Ivanti has not yet released any patches, the company has made temporary mitigation available via an XML file applicable to devices. Users are also advised to carefully monitor their VPN logs to detect any suspicious activity and to report any incidents to the Ivanti security team.
Faced with this growing threat, it is also recommended that VPN users to choose reliable and secure services. Leaders such as, AltasVPNAnd SurfShark stand out for their commitment to online security. NordVPN also offers an anti-threat that helps protect your system and data against malware.
Don’t miss our article on: Ransomware gang: renewed threat after FBI takedown – Discover the latest threats from the ransomware gang!