American software provider Ivanti is the victim of a massive hack. Attackers are exploiting two zero-day vulnerabilities in the company's enterprise VPN product, Ivanti Connect Secure, which has thousands of customers, including world-renowned organizations.
Cybersecurity firm Volexity was the first to report the attack. Last week, it disclosed that a group of Chinese hackers had exploited two zero-day vulnerabilities in Ivanti Connect Secure. These allow malicious actors to infiltrate the VPN appliance and steal sensitive information. Initially, Volexity reported "less than ten customers" affected. That figure has since been revised sharply upwards, and the company now warns that at least 1,700 companies have had their data compromised.
Victims all over the world
Aerospace, finance, defense, telecommunications, government... Many critical business sectors are affected. "Victims are spread all over the world and range in size from small companies to some of the world's largest organizations, including several Fortune 500 firms," says Volexity. Companies based in France are also among the victims.
"The widespread exploitation began on January 11, 2024 and continues," the cybersecurity firm adds. For its part, Ivanti has confirmed the attack, stating that its own findings are "consistent" with those of Volexity. It has "seen a sharp increase in threat actor activity and security researcher analysis," it told TechCrunch.
Increased risk of ransomware
Attackers still have a window in which to act: Ivanti will not deploy a patch before January 22. In the meantime, it is urging its customers to take measures to mitigate the risk. These include resetting passwords and API keys, as well as revoking and reissuing all certificates stored on affected devices.
While nothing has yet been confirmed, Volexity expects this mass compromise to lead to ransomware, with cybercriminals using the stolen data to extort the targeted companies. The firm has noted that other hacker groups, specialized in this form of cyberattack, have also exploited the vulnerabilities.