Vulnerabilities in Ivanti Connect Secure VPN and Policy Secure were recently exploited by UNC5221 and potentially other threat actors.
As Ivanti continues to deploy patches, keeping an eye out on the digital infrastructure used in the high-impact exploitation is critical. WhoisXML API researchers found hundreds of threat artifacts after analyzing and expanding a list of 20 IoCs.1 Tapping into DNS intelligence led to the discovery of:
- 33 email-connected domains
- 211 IP-connected domains
- 153 string-connected domains
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
—