all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

UNC5221: Unreported and Undetected WIREFIRE Web Shell Variant

Add to bookmarks
Jan. 22, 2024, 5:05 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news 


			<div>
			<div>
			
			
			
			
			<div>
			
			
			
			
			<div><p><strong>QuoIntelligence uncovers a previously unreported and undetected variant of the WIREFIRE web shell, a Python-based implant found in Ivanti Connect Secure (ICS) VPN compromised appliances.</strong></p></div>
		</div><div>
			
			
			
			
			<img alt="QuoIntelligence Blog - Fake Handelsregister Invoices" height="1260" src="https://quointelligence.eu/wp-content/uploads/2024/01/Breaking-News-UN-5223.png" title="Breaking News- UN 5223" width="2240" />
		</div><div><div></div></div><div>
			
			
			
			
			<div><h2>Introduction</h2>

In mid-December, security researchers from Mandiant and Volexity identified multiple web shells hidden by an unknown threat actor on internal and external-facing web applications, a global exploitation and intrusion attempt against Ivanti Connect Secure …

actor compromised connect december found hidden ics implant internal introduction ivanti ivanti connect secure mandiant python researchers security security researchers shell shells threat threat actor undetected volexity vpn web web shell web shells

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Change Healthcare hasn't given VA details on hack-impacted veterans, top lawmaker says an hour ago | malware.news
change change healthcare hack healthcare +4
Two years in, Google says passkeys now protect more than 400 million accounts an hour ago | malware.news
account accounts article google +7
CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome an hour ago | malware.news
blog browsers bug chrome +19
How to Talk to The Board About Exposure 2 hours ago | malware.news
topic
Pro-Russia hackers target OT weaknesses in critical infrastructure 2 hours ago | malware.news
american article breaches critical +21
Watch out for tech support scams lurking in sponsored search results 2 hours ago | malware.news
blog blog post campaign home +12
Threat Intelligence Snapshot: Week 18, 2024 2 hours ago | malware.news
access amp april find +13
CISA: Immediate GitLab account takeover flaw remediation crucial amid attacks 2 hours ago | malware.news
account account takeover agency article +30
Increased stealth introduced in updated Zloader malware 2 hours ago | malware.news
analysis anti-analysis article banking +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Principal Business Value Consultant

@ Palo Alto Networks | Chicago, IL, United States
View on infosec-jobs.com

Cybersecurity Specialist, Sr. (Container Hardening)

@ Rackner | San Antonio, TX
View on infosec-jobs.com

Penetration Testing Engineer- Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com

Internal Audit- Compliance & Legal Audit-Dallas-Associate

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com

Threat Responder

@ Deepwatch | Remote
View on infosec-jobs.com
View more jobs