DiscoverThe Defender's Advantage PodcastUNC5221 and The Targeting of Ivanti Connect Secure VPNs
UNC5221 and The Targeting of Ivanti Connect Secure VPNs

UNC5221 and The Targeting of Ivanti Connect Secure VPNs

Update: 2025-05-05
Share

Description

Matt Lin (Senior Incident Response Consultant, Mandiant) and Daniel Spicer (Chief Security Officer, Ivanti) dive into the research and response of UNC5221's campaigns against Ivanti. They cover how this threat actor has evolved from earlier campaigns, the continued focus of edge infrastructure by APT actors, and the shared responsibility of security in mitigating threats like this. 

https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability

https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day

https://www.ivanti.com/blog/an-update-on-ivantis-ongoing-commitment-to-enhanced-product-security

https://www.ivanti.com/resources/secure-by-design/2024

https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends?e=48754805

Comments 
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

UNC5221 and The Targeting of Ivanti Connect Secure VPNs

UNC5221 and The Targeting of Ivanti Connect Secure VPNs

Mandiant