New malware used by the Chinese espionage threat actor UNC5221 is targeting Ivanti Connect Secure VPN and Policy Secure devices through the vulnerabilities CVE-2023-46805 and CVE-2024-21887, which allow arbitrary command execution. The malware includes web shells such as CHAINLINE and FRAMESTING, as well as a variant of LIGHTWIRE. Ivanti has disclosed two additional flaws, CVE-2024-21888 and CVE-2024-21893, the latter of which is being actively exploited. The attacks involve the use of open-source tools and are associated with UNC5221 targeting strategic industries in China.