"Attackers Injected Novel DSLog Backdoor Into 670 Vulnerable Ivanti Devices"

Actors are exploiting a vulnerability, tracked as CVE-2024-21893, in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA to inject a backdoor called DSLog. According to researchers, the DSLog backdoor uses a unique hash per appliance that cannot be used to contact the same backdoor implemented in another device. This prevents defenders from detecting the presence of the backdoor by trying to contact it, so they should check for the presence of artifacts such as .txt files created by the attacker when triggering the Server-Side Request Forgery (SSRF) vulnerability. This article continues to discuss the DSLog backdoor and the vulnerability exploited by attackers to install it. 

Help Net Security reports "Attackers Injected Novel DSLog Backdoor Into 670 Vulnerable Ivanti Devices"

Submitted by grigby1

Submitted by Gregory Rigby on