{"id":55033,"date":"2024-01-11T14:33:14","date_gmt":"2024-01-11T14:33:14","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35387\/Actively-Exploited-0-Days-In-Ivanti-VPN-Are-Letting-Hackers-Backdoor-Networks.html"},"modified":"2024-01-11T14:33:14","modified_gmt":"2024-01-11T14:33:14","slug":"actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\/","title":{"rendered":"Actively Exploited 0-Days In Ivanti VPN Are Letting Hackers Backdoor Networks"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/11\/zeroday-800x534.jpg\" alt=\"The word ZERO-DAY is hidden amidst a screen filled with ones and zeroes.\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p>Unknown threat actors are actively targeting two critical zero-day vulnerabilities that allow them to bypass two-factor authentication and execute malicious code inside networks that use a widely used virtual private network appliance sold by Ivanti, researchers said Wednesday.<\/p>\n<p>Ivanti reported bare-bones details concerning the zero-days in <a 
href=\"https:\/\/forums.ivanti.com\/s\/article\/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US\">posts<\/a> published on <a href=\"https:\/\/forums.ivanti.com\/s\/article\/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US\">Wednesday<\/a> that urged customers to follow mitigation guidance immediately. Tracked as CVE-2023-46805 and CVE-2024-21887, they reside in Ivanti Connect Secure, a VPN appliance often abbreviated as ICS. Formerly known as Pulse Secure, the widely used VPN has harbored <a href=\"https:\/\/arstechnica.com\/information-technology\/2019\/08\/hackers-are-actively-trying-to-steal-passwords-from-two-widely-used-vpns\/\">previous zero-days<\/a> in <a href=\"https:\/\/arstechnica.com\/gadgets\/2021\/04\/hackers-are-exploiting-a-pulse-secure-0day-to-breach-orgs-around-the-world\/\">recent years<\/a> that came under widespread exploitation, in some cases to devastating effect.<\/p>\n<h2>Exploiters: Start your engines<\/h2>\n<p>\u201cWhen combined, these two vulnerabilities make it trivial for attackers to run commands on the system,\u201d researchers from security firm Volexity wrote in a <a href=\"https:\/\/www.volexity.com\/blog\/2024\/01\/10\/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn\/\">post<\/a> summarizing their investigative findings of an attack that hit a customer last month. 
\u201cIn this particular incident, the attacker leveraged these exploits to steal configuration data, modify existing files, download remote files, and reverse tunnel from the ICS VPN appliance.\u201d Researchers Matthew Meltzer, Robert Jan Mora, Sean Koessel, Steven Adair, and Thomas Lancaster went on to write:<\/p>\n<blockquote>\n<p>Volexity observed the attacker modifying legitimate ICS components and making changes to the system to evade the ICS Integrity Checker Tool. Notably, Volexity observed the attacker backdooring a legitimate CGI file (compcheck.cgi) on the ICS VPN appliance to allow command execution. Further, the attacker also modified a JavaScript file used by the Web SSL VPN component of the device in order to keylog and exfiltrate credentials for users logging into it. The information and credentials collected by the attacker allowed them to pivot to a handful of systems internally, and ultimately gain unfettered access to systems on the network.<\/p>\n<\/blockquote>\n<p>The researchers attributed the hacks to a threat actor tracked under the alias UTA0178, which they suspect is a Chinese nation-state-level threat actor.<\/p>\n<p>Like other VPNs, the ICS sits at the edge of a protected network and acts as the gatekeeper that\u2019s supposed to allow only authorized devices to connect remotely. That position and its always-on status make the appliance ideal for targeting when code-execution vulnerabilities in them are identified. So far, the zero-days appear to have been exploited in low numbers and only in highly targeted attacks, Volexity CEO Steven Adair said in an email. He went on to write:<\/p>\n<blockquote>\n<p>However, there is a very good chance that could change. There will now be a potential race to compromise devices before mitigations are applied. 
It is also possible that the threat actor could share the exploit or that additional attackers will otherwise figure out the exploit. If you know the details\u2014the exploit is quite trivial to pull off and it requires absolutely no authentication and can be done over the Internet. The entire purpose of these devices is to provide VPN access, so by nature they sit on the Internet and are accessible.<\/p>\n<\/blockquote>\n<p>The threat landscape of 2023 was dominated by the active mass exploitation of a handful of high-impact vulnerabilities tracked under the names <a href=\"https:\/\/arstechnica.com\/security\/2023\/10\/critical-citrix-bleed-vulnerability-allowing-mfa-bypass-comes-under-mass-exploitation\/\">Citrix Bleed<\/a> or designations including <a href=\"https:\/\/arstechnica.com\/information-technology\/2023\/02\/unpatched-vulnerabilities-in-fortinet-and-zoho-products-come-under-mass-attack\/\">CVE-2022-47966<\/a>, <a href=\"https:\/\/arstechnica.com\/security\/2023\/06\/casualties-keep-growing-in-this-months-mass-exploitation-of-moveit-0-day\/\">CVE-2023-34362<\/a>, and <a href=\"https:\/\/arstechnica.com\/security\/2023\/11\/owncloud-vulnerability-with-a-maximum-10-severity-rating-comes-under-mass-exploitation\/\">CVE-2023-49103<\/a>, which resided in the Citrix NetScaler Application Delivery Controller and NetScaler Gateway, the MOVEit file-transfer service, and 24 wares sold by Zoho-owned ManageEngine and ownCloud, respectively. Unless affected organizations move more quickly than they did last year to patch their networks, the latest vulnerabilities in the Ivanti appliances may receive the same treatment. 
<\/p>\n<p>Researcher Kevin Beaumont, who proposed \u201cConnect Around\u201d as a moniker for tracking the zero-days, <a href=\"https:\/\/infosec.exchange\/@GossiTheDog@cyberplace.social\/111732573387711529\">posted results<\/a> from a <a href=\"https:\/\/beta.shodan.io\/search?query=html%3A%22welcome.cgi%3Fp%3Dlogo%22\">scan<\/a> that showed there were roughly 15,000 affected Ivanti appliances around the world exposed to the Internet. Beaumont said that hackers backed by a nation-state appeared to be behind the attacks on the Ivanti-sold device.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/01\/ivanti-connect-secure-usage.png\" class=\"enlarge\" data-height=\"1009\" data-width=\"2373\" alt=\"Map showing geographic location of ICS deployments, led by the US, Japan, Germany, France, and Canada.\"><img loading=\"lazy\" decoding=\"async\" alt=\"Map showing geographic location of ICS deployments, led by the US, Japan, Germany, France, and Canada.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/01\/ivanti-connect-secure-usage-640x272.png\" width=\"640\" height=\"272\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/01\/ivanti-connect-secure-usage-1280x544.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\">Map showing geographic location of ICS deployments, led by the US, Japan, Germany, France, and Canada.<\/div>\n<\/figcaption><\/figure>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35387\/Actively-Exploited-0-Days-In-Ivanti-VPN-Are-Letting-Hackers-Backdoor-Networks.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE 
HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":55034,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[10044],"class_list":["post-55033","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerflawzero-daybackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Actively Exploited 0-Days In Ivanti VPN Are Letting Hackers Backdoor Networks 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Actively Exploited 0-Days In Ivanti VPN Are Letting Hackers Backdoor Networks 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-11T14:33:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/11\/zeroday-800x534.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Actively Exploited 0-Days In Ivanti VPN Are Letting Hackers Backdoor 
Networks\",\"datePublished\":\"2024-01-11T14:33:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\\\/\"},\"wordCount\":658,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks.jpg\",\"keywords\":[\"headline,hacker,flaw,zero day,backdoor\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\\\/\",\"name\":\"Actively Exploited 0-Days In Ivanti VPN Are Letting Hackers Backdoor Networks 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks.jpg\",\"datePublished\":\"2024-01-11T14:33:14+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks.jpg\",\"width\":800,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,flaw,zero day,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerflawzero-daybackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Actively Exploited 0-Days In Ivanti VPN Are Letting Hackers Backdoor Networks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat 
Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55033","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=55033"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55033\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/55034"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=55033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=55033"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=55033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}