THREATOPS
THREAT OPSThreat News › Active Ivanti Exploitation Traced to Single Bulletproof IP—Published IOC Lists Point Elsewhere

Active Ivanti Exploitation Traced to Single Bulletproof IP—Published IOC Lists Point Elsewhere

infogreynoise_blogPublished 2026-02-10

The GreyNoise Global Observation Grid observed active exploitation of two critical Ivanti Endpoint Manager Mobile vulnerabilities, and 83% of that exploitation traces to a single IP address on bulletproof hosting infrastructure that does not appear on widely circulated IOC lists.

MITRE ATT&CK techniques

Original source: https://www.greynoise.io/blog/active-ivanti-exploitation