Ivanti Bugs Exploited Even After Three Months of Patch Availability

Japanese cybersecurity authorities have issued warnings about ongoing exploitation of Ivanti Connect Secure vulnerabilities, despite patches being available for months. Attackers are deploying multiple malware variants and using advanced tactics for post-exploitation, targeting both government and private organizations. #CVE-2025-0282 #CVE-2025-22457 #DslogdRAT #SPAWNCHIMERA #IvantiConnectSecure

Key points

  • The vulnerabilities CVE-2025-0282 and CVE-2025-22457 in Ivanti Connect Secure are being actively exploited.
  • Malware such as DslogdRAT, SPAWNCHIMERA, Cobalt Strike, vshell, and Fscan are being deployed through DLL side-loading and other techniques.
  • Attackers use advanced obfuscation methods, including RC4 encryption and legitimate loader files, to evade detection.
  • Post-exploitation activities include brute-force attacks, lateral movement, and persistence tactics like establishing new domain accounts.
  • Organizations utilizing Ivanti devices, especially government agencies, remain high-value targets for these ongoing campaigns.

Read More: https://thecyberexpress.com/ivanti-connect-bugs-exploited-jpcert/