
In this episode of Cyber Insiders, Cian Heasley, Threat Lead at Adarma, walks us through our Incident Response team's investigation into the exploitation of Ivanti Endpoint Manager Mobile (EPMM) by UNC5221, a threat group linked to the Chinese state.
Cian breaks down how the attackers chained CVE-2025-4427 and CVE-2025-4428 to gain unauthenticated remote code execution and which tools and techniques they used, and explains why this campaign shows signs of strategic pre-positioning.