"Magnet Goblin Exploits Ivanti Vulnerabilities"

Security researchers at Check Point Security have uncovered a trend involving the exploitation of 1-day vulnerabilities, including two in Ivanti Connect Secure VPN. The flaws, identified as CVE-2023-46805 and CVE-2023-21887, were quickly exploited by multiple threat actors, leading to various malicious activities. While tracking these exploits, the researchers said they encountered a cluster of activity attributed to a threat actor dubbed Magnet Goblin. The researchers have observed the actor methodically leveraging 1-day vulnerabilities, particularly targeting edge devices like the Ivanti Connect Secure VPN. Magnet Goblin uses custom Linux malware to pursue financial gain. The researchers noted that these exploits involve the deployment of malware via a range of methods, including the exploitation of vulnerabilities in Magento, Qlik Sense, and potentially Apache ActiveMQ. The researchers stated that the threat actor’s activities extended beyond Linux environments, with some instances targeting Windows systems using tools like ScreenConnect and AnyDesk, suggesting a wide-ranging and adaptable approach.

 

Infosecurity Magazine reports: "Magnet Goblin Exploits Ivanti Vulnerabilities"

Submitted by Adam Ekwall on