The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments.
“Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available