China-backed espionage group hits Ivanti customers again | CyberScoop<\/title> <meta name=\"description\" content=\"UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor\u2019s products since 2023, according to Mandiant.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/china-espionage-group-ivanti-vulnerability-exploits\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"China-backed espionage group hits Ivanti customers again\"> <meta property=\"og:description\" content=\"UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor\u2019s products since 2023, according to Mandiant.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/china-espionage-group-ivanti-vulnerability-exploits\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-04-03T22:58:07+00:00\"> <meta property=\"article:modified_time\" content=\"2025-04-03T22:58:10+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/china-backed-espionage-group-hits-ivanti-customers-again-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1278\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1742994400g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1743607778g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1740691656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=a815169637cf454b7376\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84089\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84089\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fchina-espionage-group-ivanti-vulnerability-exploits%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fchina-espionage-group-ivanti-vulnerability-exploits%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-84089 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/china-espionage-group-ivanti-vulnerability-exploits\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.193321616872\">\n<div class=\"single-article__header-content\" readability=\"35.52\">\n<p> UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor\u2019s products since 2023, according to Mandiant. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84089\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/china-backed-espionage-group-hits-ivanti-customers-again.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"The Chinese national flag flies outside the Ministry of Foreign Affairs in Beijing on July 26, 2023. (Photo by GREG BAKER\/AFP via Getty Images)\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/china-backed-espionage-group-hits-ivanti-customers-again-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/china-backed-espionage-group-hits-ivanti-customers-again-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/china-backed-espionage-group-hits-ivanti-customers-again-2.jpg?resize=768,511 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/china-backed-espionage-group-hits-ivanti-customers-again-2.jpg?resize=1024,682 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/china-backed-espionage-group-hits-ivanti-customers-again-2.jpg?resize=1536,1022 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/china-backed-espionage-group-hits-ivanti-customers-again-2.jpg?resize=600,399 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/china-backed-espionage-group-hits-ivanti-customers-again-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/china-backed-espionage-group-hits-ivanti-customers-again-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/china-backed-espionage-group-hits-ivanti-customers-again-2.jpg?resize=1014,675 1014w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/china-backed-espionage-group-hits-ivanti-customers-again-2.jpg?resize=1266,843 1266w\" sizes=\"(max-width: 1014px) 100vw, 1014px\"><figcaption> The Chinese national flag flies outside the Ministry of Foreign Affairs in Beijing on July 26, 2023. (Photo by GREG BAKER\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"37.63329583802\"><body readability=\"78.05935483871\"><\/p>\n<p>Ivanti customers are confronting another string of attacks linked to an actively exploited vulnerability in the company\u2019s VPN products. Mandiant said a nation-state backed espionage group linked to China has been exploiting the critical vulnerability, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-22457\">CVE-2025-22457<\/a>, since mid-March.<\/p>\n<p>The threat group, which Google Threat Intelligence Group tracks as UNC5221, has a knack for exploiting Ivanti products and has successfully \u2014 and repeatedly \u2014 attacked the vendor\u2019s customers since 2023. UNC5221 previously exploited a trio of zero-day vulnerabilities, including <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-0282\">CVE-2025-0282<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-46805\">CVE-2023-46805<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2024-21887\">CVE-2024-21887<\/a>. <\/p>\n<p>Actively exploited software defects in Ivanti products are a consistent and recurring problem for the vendor\u2019s customers, which have been subject to multiple attack sprees from various threat groups. Ivanti has made 15 appearances in the Cybersecurity and Infrastructure Security Agency\u2019s known exploited vulnerabilities catalog since early 2024, not including CVE-2025-22457. <\/p>\n<p>\u201cThis latest activity from UNC5221 underscores the ongoing targeting of edge devices globally by China-nexus espionage groups,\u201d Mandiant Consulting CTO Charles Carmakal said in a statement. \u201cThe velocity of cyber intrusion activity by China-nexus espionage actors continues to increase and these actors are better than ever.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The latest attacks involve a vulnerability in Ivanti Connect Secure that the vendor released a patch for Feb. 11, but the company didn\u2019t disclose the vulnerability until Thursday.<\/p>\n<p>The software defect was considered low risk at the time, but UNC5221 studied the patch and found a way to exploit CVE-2025-22457 in earlier versions of the product, Mandiant said in a <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/china-nexus-exploiting-critical-ivanti-vulnerability\">blog post<\/a> Thursday.<\/p>\n<p>\u201cIvanti and our security partners have now learned the vulnerability is exploitable through sophisticated means and have identified evidence of active exploitation in the wild,\u201d Ivanti said in a <a href=\"https:\/\/forums.ivanti.com\/s\/article\/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US\">security advisory<\/a>. \u201cWe encourage all customers to ensure they are running Ivanti Connect Secure 22.7R2.6 as soon as possible, which remediates the vulnerability.\u201d<\/p>\n<p>A \u201climited number of customers\u201d using Ivanti Connect Secure 22.7R2.5 or earlier versions and Pulse Connect Secure 9.1x appliances, which are no longer supported or receiving code changes, have been exploited, Ivanti said. The stack-based overflow vulnerability allows attackers to achieve remote code execution.<\/p>\n<p>The vulnerability also affects Ivanti Policy Secure and Ivanti ZTA Gateways, though the vendor said it\u2019s not aware of any exploitation in those products. Ivanti said patches for those products are in development and expected to be released later this month.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cNetwork security devices and edge devices are a focus of sophisticated and highly persistent threat actors,\u201d an Ivanti spokesperson said in an email. <\/p>\n<p>\u201cWe seek to go above and beyond in providing detailed information to defenders to ensure they can take every possible step to secure their environments,\u201d the spokesperson added. \u201cWe have continued to meaningfully expand and enhance the Ivanti Security team with highly skilled security specialists to meet the evolving needs of this landscape.\u201d<\/p>\n<p>During its investigation of post-exploitation activity, Mandiant observed UNC5221 deploying two newly identified malware families: the Trailblaze in-memory only dropper and the Brushfire passive backdoor. Researchers also observed various Spawn malware and UNC5221\u2019s use of a modified version of Ivanti\u2019s Integrity Checker Tool, which allowed the group to evade detection.<\/p>\n<p>\u201cChina-nexus espionage actors regularly surge their exploitation activity once they are discovered and publicly outed,\u201d Carmakal said in a <a href=\"https:\/\/www.linkedin.com\/posts\/charlescarmakal_critical-alert-active-exploitation-of-activity-7313567128396193792-xjyz\/?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAC2xvMBLPggh7Z3PC8i4V4yQ0JB56a2MlM\">LinkedIn post<\/a>. \u201cWe expect they will likely try to compromise more victims in the coming days before organizations have the opportunity to patch.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.1634446397188\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/china-backed-espionage-group-hits-ivanti-customers-again-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/china-espionage-group-ivanti-vulnerability-exploits\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>China-backed espionage group hits Ivanti customers again | CyberScoop Skip<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,1209,78,2833,624,2659,3729,1394,1766,646,256,288,2281],"tags":[277,668,86,2836,629,2661,3731,1395,1771,650,262,294,2283],"class_list":["post-7513","post","type-post","status-publish","format-standard","hentry","category-china","category-cisa","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency","category-espionage","category-exploit","category-google-threat-intelligence-group","category-ivanti","category-known-exploited-vulnerabilities-kev","category-mandiant","category-research","category-threats","category-vulnerability","tag-china","tag-cisa","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency","tag-espionage","tag-exploit","tag-google-threat-intelligence-group","tag-ivanti","tag-known-exploited-vulnerabilities-kev","tag-mandiant","tag-research","tag-threats","tag-vulnerability"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/espionage\/\" rel=\"category tag\">espionage<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/exploit\/\" rel=\"category tag\">exploit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-intelligence-group\/\" rel=\"category tag\">Google Threat Intelligence Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ivanti\/\" rel=\"category tag\">Ivanti<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/known-exploited-vulnerabilities-kev\/\" rel=\"category tag\">known exploited vulnerabilities (KEV)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a>","tag_info":"vulnerability","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7513","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7513"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7513\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7513"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7513"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7513"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7513,"date":"2025-04-03T17:58:07","date_gmt":"2025-04-03T22:58:07","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84089"},"modified":"2025-04-03T17:58:07","modified_gmt":"2025-04-03T22:58:07","slug":"china-backed-espionage-group-hits-ivanti-customers-again","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/04\/03\/china-backed-espionage-group-hits-ivanti-customers-again\/","title":{"rendered":"China-backed espionage group hits Ivanti customers again"},"content":{"rendered":"