FRAMESTING

FRAMESTING is a Python-based web shell that serves as a backdoor, enabling attackers to execute arbitrary commands on compromised systems. It specifically targets Ivanti Connect Secure VPN appliances by embedding itself within legitimate Python packages, such as 'category.py'. Attackers exploit vulnerabilities like CVE-2023-46805 and CVE-2024-21887 to deploy FRAMESTING, facilitating unauthorized access and control over affected devices. This malware has been associated with China-nexus espionage groups, including UNC5221, and is part of a broader toolkit used in targeted attacks against critical infrastructure.