![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3nrJbRs2yw5uK7rbvIOCEVk4D5JJlXr3nyA4nOVPGuibJqWzHnAG3zplhYpU896J5vbWkNkI_t_0x9zbRbaskQgAL05npMW8mpY7m5oWzjyKK966DSWjVsybc0ECoU4x9CfEqAlUHiHIXOmVW7zfk-_eT9w1sKEsISeBkqkVsLx7nhBPa-76w6Q6LJuGH/s1600/malware.jpg)
Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices.
This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE.
“CHAINLINE is a Python web shell backdoor that is
Source:: The Hackers News