Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances.  John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following the disclosure and widespread exploitation by a range of threat actors.  They also discuss the role a suspected Volt Typhoon cluster played into the follow-on exploitation, and share their thoughts on what else we might see from China-nexus zero-day exploitation of edge infrastructure this year.  

For more on this research, please check out: 

Cutting Edge, Part 1: https://cloud.google.com/blog/topics/threat-intelligence/suspected-apt-targets-ivanti-zero-day
Cutting Edge, Part 2: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-zero-day-exploitation
Cutting Edge, Part 3: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-exploitation-persistence
Cutting Edge, Part 4: https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement

Follow John on X at  @Big_Bad_W0lf_
Follow Tyler on X at @tylabs