The main theme of the text is the exploitation of Ivanti devices and the need for customers to take preventive measures.
- Threat actors are erasing logs on Ivanti devices to cover their tracks.
- A backdoor has been injected into an existing Perl file called 'DSLog.pm' to grant persistent remote access.
- The backdoor uses a unique hash per appliance to hamper analysis and detection.
- The web shell associated with the backdoor does not return a status or code when contacted, which makes it difficult to detect.
- An initial scan detected 670 compromised assets; the number later decreased to 524.
- Customers are advised to factory reset their appliance before applying the patch, so that a compromise cannot persist through the upgrade.