Sleeper Shells: Attackers Are Planting Dormant Backdoors in Ivanti EPMM
A new stealthy attack leaves dormant backdoors in corporate systems, waiting for a secret trigger.
Deep Dive
Attackers are exploiting critical vulnerabilities in Ivanti's mobile management software to plant dormant backdoors. Instead of immediate attacks, they install a hidden Java-based loader that only activates with a specific trigger. This suggests hackers are establishing footholds to sell access later. The campaign targets major institutions, including governments, and began a new wave of exploitation on February 4th, 2026, using a stealthier approach than previous smash-and-grab attacks.
Why It Matters
This stealthy tactic allows attackers to maintain long-term, undetected access to sensitive corporate and government networks.