CyberSecurity news
@cyble.com
//
A China-linked Advanced Persistent Threat (APT) group, known as UNC5221, has been actively exploiting critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software. Researchers from EclecticIQ have observed this group chaining two specific flaws, identified as CVE-2025-4427 and CVE-2025-4428, to target organizations across Europe, North America, and the Asia-Pacific region. These vulnerabilities allow for unauthenticated remote code execution, potentially granting the attackers deep access to compromised systems.
The targeted sectors include critical infrastructure such as telecommunications, healthcare, government, defense, finance, and aviation. The exploitation of these flaws began shortly after their disclosure, highlighting the speed at which UNC5221 moved to take advantage of the vulnerabilities. CISA has added the Ivanti EPMM flaw, among others, to its Known Exploited Vulnerabilities catalog, emphasizing the severity of the risk and urging organizations to apply necessary patches.
The attacks facilitate further intrusion and data exfiltration, potentially leading to significant breaches and compromise of sensitive information. This campaign underscores the ongoing threat posed by state-sponsored cyberespionage and the importance of proactive security measures to defend against such attacks.
ImgSrc: cyble.com
References :
- securityaffairs.com: China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
- ciso2ciso.com: China-linked APT exploit Ivanti EPMM flaws to target critical sectors across Europe, North America, and Asia-Pacific, according to EclecticIQ.
- The Hacker News: Researchers from EclecticIQ observed a China-linked APT group that chained two Ivanti EPMM flaws, tracked as CVE-2025-4427 and CVE-2025-4428, in attacks against organizations in Europe, North America, and Asia-Pacific.
Classification: