Chinese Hackers Started Covering Tracks Days Before Public Exposure of Operations

Tracked as CVE-2021-22893, the vulnerability was made public in late April, after security researchers discovered that threat actors had already been exploiting it in attacks targeting organizations in the defense, financial, government, high tech, and transportation sectors in the U.S. and Europe.

At the time, FireEye revealed that at least two Chinese threat actors believed to be state-sponsored — UNC2630 and UNC2717 — had been exploiting the vulnerability for initial compromise. The company identified 12 malware families used in attacks associated with the exploitation of CVE-2021-22893 and three other bugs in Pulse Secure VPN appliances.
