DslogdRAT Malware Targets Ivanti Connect Secure Users

JPCERT/CC·Apr 24, 2025

Tags: DslogdRAT, CVE-2025-0282, Ivanti Connect Secure, malware, JPCERT

Basically, a new malware called DslogdRAT is infecting systems through a security flaw in Ivanti Connect Secure.

Quick Summary

A new malware named DslogdRAT is exploiting a vulnerability in Ivanti Connect Secure. Organizations in Japan are particularly affected, risking sensitive data exposure. Immediate software updates and vigilance are crucial to protect against ongoing attacks.

What Happened

Imagine waking up to find that your home has been invaded while you were at work. That's what happened to organizations in Japan when they were targeted by a new malware called DslogdRAT. This malware was installed by exploiting a zero-day vulnerability in Ivanti Connect Secure, identified as CVE-2025-0282, during attacks in December 2024.

The attackers used a web shell, which is a type of backdoor, to execute commands on compromised systems. This web shell was written in Perl and could run arbitrary commands if certain conditions were met. Essentially, it acted as a gateway for the attackers to deploy further malware, including DslogdRAT, onto the infected machines.

Why Should You Care

If you use Ivanti Connect Secure or work for an organization that does, this is a serious issue. Your sensitive information could be at risk. Imagine if someone could access your bank account or personal files without you knowing. That's the level of threat posed by malware like DslogdRAT. It operates stealthily, only communicating with its command and control (C2) server during business hours to avoid detection.

This isn't just a problem for large organizations; it could affect anyone who relies on this software for secure connections. The risk is real, and it’s time to take action. If this malware can infiltrate networks, it can lead to data breaches, financial loss, and a damaged reputation.

What's Being Done

In response to these attacks, JPCERT/CC has issued an alert regarding the vulnerability in Ivanti Connect Secure (CVE-2025-22457). They are monitoring the situation closely, as attacks are expected to continue. Here’s what you should do right now:

  • Update your Ivanti Connect Secure software to the latest version to patch vulnerabilities.
  • Monitor your systems for any unusual activity or unauthorized access.
  • Educate your team about the risks of malware and how to recognize suspicious behavior.

Experts are keeping an eye on the ongoing campaigns and are particularly interested in whether these attacks are linked to the SPAWN malware family operated by the UNC5221 group. Stay vigilant and informed to protect your data from these evolving threats.

🔒 Pro insight: The exploitation of CVE-2025-0282 indicates a sophisticated threat landscape; expect further developments as attackers refine their tactics.
