Recent forensic investigations by Synacktiv’s CSIRT have shed light on the common open-source tools leveraged by threat actors in incidents stemming from compromised Ivanti Cloud Services Appliance (CSA) devices. While initial access often exploited zero-day vulnerabilities in Ivanti CSA (CVE-2024-8963, CVE-2024-8190, CVE-2024-9380, CVE-2024-9379), subsequent attack stages frequently utilized publicly available, and sometimes “noisy,” tools for Read More …