
Chinese hacker groups, identified as UNC5325 and UNC3886, have been exploiting vulnerabilities in Ivanti VPN solutions, specifically CVE-2024-21893 and CVE-2024-21887, to deploy a range of persistent malware including LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the significant risk posed by using Ivanti VPNs due to these vulnerabilities. The agency has also released a cybersecurity advisory to help organizations understand the ongoing exploitation and to suggest ways to mitigate potential dormant compromises. Additionally, the Five Eyes intelligence alliance has highlighted that cyber threat actors are targeting these vulnerabilities in Ivanti Connect Secure and Policy Secure gateways, with four vulnerabilities currently under active attack. Despite these warnings, there are concerns that detection tools may be insufficient to identify the exploitation of these vulnerabilities.
Five Eyes Warn of Ivanti Vulnerabilities Exploitation, Detection Tools Insufficient https://t.co/gc0lt8Tdmt
Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities: https://t.co/XrifjWYPBn by The Hacker News #infosec #cybersecurity #technology #news
Five Eyes intelligence alliance warns of cyber threat actors targeting vulnerabilities in Ivanti Connect Secure and Policy Secure gateways. Four vulnerabilities under active attack. Learn more here: https://t.co/SRgyA442Qf #cybersecurity






