tldr - powered by Generative AI

• Threat actors are erasing logs on Ivanti devices to cover their tracks.
• A backdoor has been injected into an existing Perl file called 'DSLog.pm' to grant persistent remote access.
• The backdoor uses a unique hash per appliance to hamper analysis and detection.
• The web shell associated with the backdoor does not return status/code when contacted, making it difficult to detect.
• 670 compromised assets were detected during an initial scan, with the number decreasing to 524.
• Customers are advised to factory reset their appliance before applying the patch to prevent upgrade persistence.