‹ All episodes

The Defender's Advantage Podcast

Investigations Into Zero-Day Exploitation of the Ivanti Connect Secure Appliances

May 16, 2024 Mandiant
Investigations Into Zero-Day Exploitation of the Ivanti Connect Secure Appliances
The Defender's Advantage Podcast
More Info
The Defender's Advantage Podcast
Investigations Into Zero-Day Exploitation of the Ivanti Connect Secure Appliances
May 16, 2024
Mandiant

Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances.  John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following the disclosure and widespread exploitation by a range of threat actors.  They also discuss the role a suspected Volt Typhoon cluster played into the follow-on exploitation, and share their thoughts on what else we might see from China-nexus zero-day exploitation of edge infrastructure this year.  

For more on this research, please check out: 

Cutting Edge, Part 1: https://cloud.google.com/blog/topics/threat-intelligence/suspected-apt-targets-ivanti-zero-day
Cutting Edge, Part 2: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-zero-day-exploitation
Cutting Edge, Part 3: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-exploitation-persistence
Cutting Edge, Part 4: https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement

Follow John on X at  @Big_Bad_W0lf_
Follow Tyler on X at @tylabs

Apple Podcasts Spotify Amazon Music Podcast Index Overcast Stitcher +
Show Notes

Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances.  John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following the disclosure and widespread exploitation by a range of threat actors.  They also discuss the role a suspected Volt Typhoon cluster played into the follow-on exploitation, and share their thoughts on what else we might see from China-nexus zero-day exploitation of edge infrastructure this year.  

For more on this research, please check out: 

Cutting Edge, Part 1: https://cloud.google.com/blog/topics/threat-intelligence/suspected-apt-targets-ivanti-zero-day
Cutting Edge, Part 2: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-zero-day-exploitation
Cutting Edge, Part 3: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-exploitation-persistence
Cutting Edge, Part 4: https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement

Follow John on X at  @Big_Bad_W0lf_
Follow Tyler on X at @tylabs