The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting a number of U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor, or actors, beginning in June 2020 or earlier related to vulnerabilities in certain Ivanti Pulse Connect Secure products. Since March 31, 2021, CISA and Ivanti have assisted multiple entities whose vulnerable Pulse Connect Secure products have been exploited by a cyber threat actor. These entities confirmed the malicious activity after running the Pulse Secure Connect Integrity Tool. To gain initial access, the threat actor is leveraging multiple vulnerabilities, including CVE-2019-11510, CVE-2020-8260, CVE-2020-8243, and the newly disclosed CVE-2021-22893. The threat actor is using this access to place webshells on the Pulse Connect Secure appliance for further access and persistence. The known webshells allow for a variety of functions, including authentication bypass, multi-factor authentication bypass, password logging, and persistence through patching.