tldr - powered by Generative AI

The main theme of the text is the exploitation of Ivanti devices and the need for customers to take preventive measures.
  • Threat actors are erasing logs on Ivanti devices to cover their tracks.
  • A backdoor has been injected into an existing Perl file called 'DSLog.pm' to grant persistent remote access.
  • The backdoor is keyed to a hash that is unique to each appliance, so the hash taken from one compromised device does not help trigger, analyse or detect the backdoor on another.
  • The web shell associated with the backdoor returns no status code or content when contacted, so it cannot be identified by probing the appliance over the network.
  • 670 compromised assets were detected during an initial scan; a later scan found 524.
  • Customers are advised to factory reset their appliance before applying the patch, so that a backdoor already present on the device does not survive the upgrade.
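Because the backdoor lives inside a file the appliance already ships (DSLog.pm), the attackers erase logs, and the web shell answers nothing when probed, the one check that does not depend on logs or on network behaviour is file integrity: compare the digest of the file on the suspect appliance against a baseline taken from a known-good copy of the same appliance version. The script below is an added example, not code from the original article or from Ivanti or Orange Cyberdefense; the file contents, the file path and the baseline are constructed for the example, and the real location and contents of DSLog.pm are assumptions that must come from your own trusted source.

```python
"""Added example: detect in-place tampering of a shipped file (such as
DSLog.pm) by comparing its SHA-256 digest with a known-good baseline.

Everything below is constructed for illustration. KNOWN_GOOD is a stand-in
for the vendor's file, not its real contents, and the temp-dir path stands
in for the real location on the appliance (an assumption)."""
import hashlib
import hmac
import tempfile
from pathlib import Path

# Constructed stand-in for a known-good DSLog.pm; NOT the real file.
KNOWN_GOOD = b"package DSLog;\nuse strict;\nsub log_line { return 1; }\n1;\n"

# Constructed stand-in for the same file after an attacker appended code.
# The appended line is illustrative, not an indicator from the report.
TAMPERED = KNOWN_GOOD + b"sub run_cmd { return system($_[0]); }\n"


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256 of in-memory data."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path) -> str:
    """Hex SHA-256 of a file on disk, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


# Baseline digest: in practice compute this from vendor media or a fresh
# install of the same version, never from the suspect appliance itself.
BASELINE = sha256_bytes(KNOWN_GOOD)


def verify_integrity(data: bytes, baseline_hex: str) -> bool:
    """True when data matches the baseline digest (constant-time compare)."""
    return hmac.compare_digest(sha256_bytes(data), baseline_hex)


def check_file(path, baseline_hex: str) -> dict:
    """Report for one file: expected vs. actual digest and a tamper flag."""
    actual = sha256_file(path)
    return {
        "path": str(path),
        "expected": baseline_hex,
        "actual": actual,
        "tampered": not hmac.compare_digest(actual, baseline_hex),
    }


def demo() -> list:
    """Write both constructed samples to a temp dir and check each."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d) / "DSLog.pm"
        bad = Path(d) / "DSLog.pm.tampered"
        good.write_bytes(KNOWN_GOOD)
        bad.write_bytes(TAMPERED)
        return [check_file(good, BASELINE), check_file(bad, BASELINE)]


if __name__ == "__main__":
    for report in demo():
        state = "TAMPERED" if report["tampered"] else "matches baseline"
        print(f"{report['path']}: {state} ({report['actual'][:16]}...)")
```

Two caveats follow directly from the summary above. The baseline must come from vendor media or a clean installation of the same version, because the attacker modifies the shipped file in place and a digest taken from the suspect appliance would simply match itself. And a clean integrity result on the one file is not proof the appliance is clean: the attackers erase logs, so absence of log evidence proves nothing, which is why the factory reset before patching is the recommended course rather than spot checks.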
Ivanti devices
backdoor injection
persistent remote access
hash per appliance
