China-backed espionage group hits Ivanti customers again


Post by rbc »

Ivanti customers are confronting another string of attacks linked to an actively exploited vulnerability in the company’s VPN products. Mandiant said a nation-state backed espionage group linked to China has been exploiting the critical vulnerability, CVE-2025-22457, since mid-March.

The threat group, which Google Threat Intelligence Group tracks as UNC5221, has a knack for exploiting Ivanti products and has successfully — and repeatedly — attacked the vendor’s customers since 2023. UNC5221 previously exploited a trio of zero-day vulnerabilities, including CVE-2025-0282, CVE-2023-46805 and CVE-2024-21887.

Actively exploited software defects in Ivanti products are a consistent and recurring problem for the vendor’s customers, which have been subject to multiple attack sprees from various threat groups. Ivanti has made 15 appearances in the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog since early 2024, not including CVE-2025-22457.
[...]
Robert B. Carleton + ISC2 Central Mississippi Secretary