DiscoverThe Defender's Advantage PodcastUNC5221 and The Targeting of Ivanti Connect Secure VPNs
UNC5221 and The Targeting of Ivanti Connect Secure VPNs

UNC5221 and The Targeting of Ivanti Connect Secure VPNs

Update: 2025-05-05
Share

Description

Matt Lin (Senior Incident Response Consultant, Mandiant) and Daniel Spicer (Chief Security Officer, Ivanti) dive into the research and response of UNC5221's campaigns against Ivanti. They cover how this threat actor has evolved from earlier campaigns, the continued focus of edge infrastructure by APT actors, and the shared responsibility of security in mitigating threats like this. 

https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability

https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day

https://www.ivanti.com/blog/an-update-on-ivantis-ongoing-commitment-to-enhanced-product-security

https://www.ivanti.com/resources/secure-by-design/2024

https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends?e=48754805

Comments 
In Channel
How vSphere Became a Target for Adversaries

How vSphere Became a Target for Adversaries

2025-09-1539:01

AI Tools and Sentiment Within the Underground Cyber Crime Community

AI Tools and Sentiment Within the Underground Cyber Crime Community

2025-08-1825:44

Protecting the Core: Securing Protection Relays in Modern Substations

Protecting the Core: Securing Protection Relays in Modern Substations

2025-07-2843:05

The Rise of ClickFix

The Rise of ClickFix

2025-07-1523:33

Vishing in the Wild

Vishing in the Wild

2025-06-0437:48

Responding to a DPRK ITW Incident

Responding to a DPRK ITW Incident

2025-05-1916:35

UNC5221 and The Targeting of Ivanti Connect Secure VPNs

UNC5221 and The Targeting of Ivanti Connect Secure VPNs

2025-05-0527:55

Windows Remote Desktop Protocol: Remote to Rogue

Windows Remote Desktop Protocol: Remote to Rogue

2025-04-1434:27

Cybersecurity Conversations with the C-Suite and Board

Cybersecurity Conversations with the C-Suite and Board

2025-03-1036:14

What to Watch For in 2025

What to Watch For in 2025

2025-02-2844:31

Signals of Trouble

Signals of Trouble

2025-02-1926:03

Agentic AI in Cybersecurity

Agentic AI in Cybersecurity

2025-02-0526:40

The Art of Remediation in Incident Response

The Art of Remediation in Incident Response

2024-12-0240:59

How to Run an Effective Tabletop Exercise

How to Run an Effective Tabletop Exercise

2024-10-1829:14

Using LLMs to Analyze Windows Binaries

Using LLMs to Analyze Windows Binaries

2024-10-0436:40

How Threat Actors Bypass Multi-Factor Authentication

How Threat Actors Bypass Multi-Factor Authentication

2024-09-2627:20

TAG's Work Tracking Commercial Surveillance Vendors

TAG's Work Tracking Commercial Surveillance Vendors

2024-09-0423:58

What Iranian Threat Actors Have Been Up To This Year

What Iranian Threat Actors Have Been Up To This Year

2024-07-2536:13

Mandiant's Approach to Securely Using AI Solutions

Mandiant's Approach to Securely Using AI Solutions

2024-06-2732:00

Lessons Learned from Responding to Cloud Compromises

Lessons Learned from Responding to Cloud Compromises

2024-06-0330:16

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

UNC5221 and The Targeting of Ivanti Connect Secure VPNs

UNC5221 and The Targeting of Ivanti Connect Secure VPNs

Mandiant