Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

The Hacker News by The Hacker News
April 25, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Apr 25, 2025Ravie LakshmananVulnerability / Network Security

Cybersecurity researchers are warning about a new malware called DslogdRAT that’s installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS).

The malware, along with a web shell, were “installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024,” JPCERT/CC researcher Yuma Masubuchi said in a report published Thursday.

CVE-2025-0282 refers to a critical security flaw in ICS that could allow unauthenticated remote code execution. It was addressed by Ivanti in early January 2025.

Cybersecurity

However, the shortcoming has been exploited as a zero-day by a China-nexus cyber espionage group dubbed UNC5337 to deliver the SPAWN ecosystem of malware, as well as other tools like DRYHOOK and PHASEJAM. The deployment of the latter two malware strains has not been attributed to any known threat actor.

Since then, both JPCERT/CC and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have revealed the exploitation of the same vulnerability to deliver updated versions of SPAWN called SPAWNCHIMERA and RESURGE.

Earlier this month, Google-owned Mandiant also revealed that another security flaw in ICS (CVE-2025-22457) has been weaponized to distribute SPAWN, a malware attributed to another Chinese hacking group referred to as UNC5221.

JPCERT/CC said it’s currently not clear if the attacks using DslogdRAT is part of the same campaign involving the SPAWN malware family operated by UNC5221.

The attack sequence outlined by the agency entails the exploitation of CVE-2025-0282 to deploy a Perl web shell, which then serves as a conduit to deploy additional payloads, including DslogdRAT.

DslogdRAT, for its part, initiates contact with an external server over a socket connection to send basic system information and awaits further instructions that allow it to execute shell commands, upload/download files, and use the infected host as a proxy.

Cybersecurity

The disclosure comes as threat intelligence firm GreyNoise warned of a “9X spike in suspicious scanning activity” targeting ICS and Ivanti Pulse Secure (IPS) appliances from more than 270 unique IP addresses in the past 24 hours and over 1,000 unique IP addresses in the last 90 days.

Of these 255 IP addresses have been classified as malicious and 643 have been flagged as suspicious. The malicious IPs have been observed using TOR exit nodes and suspicious IPs are linked to lesser-known hosting providers. The United States, Germany, and the Netherlands account for the top three source countries.

“This surge may indicate coordinated reconnaissance and possible preparation for future exploitation,” the company said. “While no specific CVEs have been tied to this scanning activity yet, spikes like this often precede active exploitation.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Recommended.

Formovie Showcases Advanced Display Technologies and Smart Projector Innovations at CES 2026

Formovie Showcases Advanced Display Technologies and Smart Projector Innovations at CES 2026

January 7, 2026
PLUG DEBUTS MOBILE SERVICE, CREATING AN INSTANT ALTERNATIVE TO OVERPRICED WIRELESS

PLUG DEBUTS MOBILE SERVICE, CREATING AN INSTANT ALTERNATIVE TO OVERPRICED WIRELESS

October 6, 2025

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio