Adrian Johnson
TLDR:
- Cybercrime crew Magnet Goblin rapidly exploits vulnerabilities in Ivanti devices.
- CISA confirms being one of the victims of the Ivanti attacks.
There’s a new cybercrime crew on the block called Magnet Goblin, identified by Check Point for exploiting vulnerabilities in Ivanti devices to break into networks of US medical, manufacturing, and energy-sector organizations. This group quickly exploits newly disclosed vulnerabilities before vendors issue a fix. They target vulnerable Ivanti Connect Secure VPN servers, deploying backdoors once inside the victim’s IT environments.
CISA, the top US cybersecurity agency, confirmed that it was among the 15 federal agencies using flawed Ivanti VPN servers. They identified exploitation activity on two systems and immediately took them offline. Check Point estimates that Magnet Goblin’s victims in the US could be more than the confirmed number of 10 organizations. The group utilizes malware like MiniNerbian, NerbianRAT, and WARPWIRE to gain access and maintain control over their victims’ networks.
Magnet Goblin’s attacks have been linked to Qlink Sense exploits reported previously. Despite efforts to patch these vulnerabilities, the group moves quickly to exploit new security holes in edge devices and public-facing services. The significance of these rapid exploitation tactics poses a severe threat to digital infrastructures worldwide.
It is crucial for organizations using Ivanti gear to ensure patches or mitigations are in place and to check for any signs of compromise. CISA urges organizations to review their latest Ivanti advisory and have an incident response plan in place to enhance resilience against cyber vulnerabilities.
