Payloads recently found on compromised Ivanti Connect Secure appliances could be from the same, sophisticated threat actor, according to incident response provider Synacktiv. A new malware analysis from Synacktiv researcher Théo Letailleur showed that the 12 Rust payloads discovered by Volexity as part of its investigation into two Ivanti Connect Secure VPN remote code execution (RCE) zero-days (CVE-2024-21887 and CVE-2023-468051) share almost 100% code similarity.
Source: Infosecurity