THREAT OPS › Threat News › Active Ivanti Exploitation Traced to Single Bulletproof IP—Published IOC Lists Point Elsewhere
Active Ivanti Exploitation Traced to Single Bulletproof IP—Published IOC Lists Point Elsewhere
The GreyNoise Global Observation Grid observed active exploitation of two critical Ivanti Endpoint Manager Mobile vulnerabilities, and 83% of that exploitation traces to a single IP address on bulletproof hosting infrastructure that does not appear on widely circulated IOC lists.
MITRE ATT&CK techniques
- VulnerabilitiesT1588.006
Original source: https://www.greynoise.io/blog/active-ivanti-exploitation