Full Report
On 2024-04-19, an incident was reported, involving UNC5221, gaining initial access via 1-day vulnerability, while using Session hijacking, Webshell deployment, targeting Ivanti Connect Secure VPN to achieve Data exfiltration.
Analysis Summary