{"uuid": "12120dbd-0f7c-4b5f-a2ae-3aca33dc453b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21887", "type": "exploited", "source": "https://t.me/theninjaway1337/1421", "content": "MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES\n\nOn January 10, 2024, Ivanti\u00a0published\u00a0a security advisory regarding two vulnerabilities in Ivanti Connect Secure VPN. These vulnerabilities, which were exploited in the wild, are identified as CVE-2023-46805 and CVE-2023-21887. The exploitation of these vulnerabilities was quickly adopted by a number of threat actors, resulting in a broad\u00a0range\u00a0of malicious activities.\nCheck Point Research has been tracking these exploitations and identified several activity clusters targeting vulnerable Connect Secure VPN appliances. As in many other mass-exploitation of 1-day vulnerabilities cases, differentiating and identifying the different actors is quite challenging. With this in mind, we decided to investigate the inner workings of one distinct cluster that caught our attention, by a threat actor we called Magnet Goblin.\n\nhttps://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/", "creation_timestamp": "2024-03-12T11:57:05.000000Z"}