Cybersecurity researchers have uncovered MDifyLoader, a new malware used in cyber attacks exploiting vulnerabilities in Ivanti Connect Secure appliances. The attacks involve using MDifyLoader to deploy Cobalt Strike and other tools, enabling persistent and stealthy intrusions. #MDifyLoader #CobaltStrike #IvantiConnectSecure #EternalBlue
Key points
- Cybercriminals exploited CVE-2025-0282 and CVE-2025-22457 to deploy MDifyLoader on vulnerable Ivanti Connect Secure (ICS) appliances.
- MDifyLoader is designed to load encrypted Cobalt Strike beacons into memory for post-exploitation activities.
- The attacks used DLL side-loading techniques and open-source tools like libPeConv, Fscan, and VShell.
- Attackers performed brute-force attacks and used EternalBlue (MS17-010) to move laterally within compromised networks.
- Persistent access was maintained by creating new domain accounts and registering malware as services or scheduled tasks.
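The persistence pattern in the last point (a freshly created account that goes on to register a service or scheduled task) is a useful correlation rule for defenders. The following is an added example, not code from the article or from any vendor tooling: it works over normalised Windows event records (the standard Security/System event IDs 4720, 7045 and 4698) and flags any service install or task creation performed by an account created shortly before. The record layout, field names and sample events are constructed for this demonstration.

```python
from datetime import datetime, timedelta

# Standard Windows event IDs (Security log unless noted).
EVENT_ACCOUNT_CREATED = 4720    # A user account was created
EVENT_SERVICE_INSTALLED = 7045  # System log: a service was installed
EVENT_TASK_CREATED = 4698       # A scheduled task was created

PERSISTENCE_EVENTS = {
    EVENT_SERVICE_INSTALLED: "service installed",
    EVENT_TASK_CREATED: "scheduled task created",
}

# Constructed sample records, one normalised event each. "subject" is the
# account performing the action; "target" is the created account name, the
# service image path, or the task name, depending on the event type.
SAMPLE_EVENTS = [
    {"time": "2025-07-01T02:10:05", "host": "DC01", "event_id": 4720,
     "subject": "svc_backup", "target": "helpdesk2"},
    {"time": "2025-07-01T02:12:40", "host": "FS01", "event_id": 7045,
     "subject": "helpdesk2", "target": r"C:\Windows\Temp\upd.exe"},
    {"time": "2025-07-01T02:14:02", "host": "FS01", "event_id": 4698,
     "subject": "helpdesk2", "target": r"\Microsoft\Windows\UpdateCheck"},
    {"time": "2025-07-01T09:30:00", "host": "WS07", "event_id": 7045,
     "subject": "SYSTEM", "target": r"C:\Program Files\Vendor\agent.exe"},
    {"time": "2025-07-03T08:00:00", "host": "FS01", "event_id": 4698,
     "subject": "helpdesk2", "target": r"\Backup\Nightly"},
]


def _ts(rec):
    return datetime.fromisoformat(rec["time"])


def new_account_persistence(events, window=timedelta(hours=24)):
    """Return alerts for services or scheduled tasks registered by an account
    that was itself created within `window` before the registration.

    Events are processed in timestamp order, so account creations are seen
    before the actions taken with the new account regardless of input order.
    Account-creation events are tracked as they arrive; each persistence event
    is then checked against the creation time of its acting account.
    """
    ordered = sorted(events, key=_ts)
    created = {}  # account name -> (creation time, host where it was created)
    alerts = []
    for rec in ordered:
        eid = rec["event_id"]
        if eid == EVENT_ACCOUNT_CREATED:
            created[rec["target"]] = (_ts(rec), rec["host"])
            continue
        if eid not in PERSISTENCE_EVENTS:
            continue
        actor = rec["subject"]
        if actor not in created:
            continue  # long-lived account: outside this rule's scope
        created_at, created_on = created[actor]
        age = _ts(rec) - created_at
        if timedelta(0) <= age <= window:
            alerts.append({
                "host": rec["host"],
                "account": actor,
                "account_created_on": created_on,
                "account_age_minutes": int(age.total_seconds() // 60),
                "action": PERSISTENCE_EVENTS[eid],
                "target": rec["target"],
            })
    return alerts


if __name__ == "__main__":
    for a in new_account_persistence(SAMPLE_EVENTS):
        print(f"[{a['host']}] {a['action']} by {a['account']} "
              f"{a['account_age_minutes']} min after creation on "
              f"{a['account_created_on']}: {a['target']}")
```

On the sample data the rule fires twice for `helpdesk2` on FS01 (the service install and the task creation a few minutes after the account appeared on DC01) and stays quiet for the SYSTEM-installed vendor agent and for the task `helpdesk2` creates two days later, which falls outside the default 24-hour window. The window is deliberately a parameter: tighten it for noisy environments, widen it when reviewing an incident retrospectively.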
Read More: https://thehackernews.com/2025/07/ivanti-zero-days-exploited-to-drop.html