DslogdRAT Malware: A Sneaky Cyberattack Exploiting Ivanti ICS Zero-Day - #CVE-2025-0282
A critical vulnerability in Ivanti Connect Secure VPN appliances (CVE-2025-0282, a stack-based buffer overflow that allows unauthenticated remote code execution) has been exploited by a Chinese APT group, with victims reported in nearly 20 industries across 12 countries. The attackers used purpose-built malware, including SPAWNCHIMERA and DslogdRAT, to maintain persistent access and evade detection.

DslogdRAT, analysed by JPCERT/CC, limits its activity to business hours so that its traffic blends in with legitimate use, and encodes its C2 communications with a simple XOR scheme rather than real encryption: the encoding defeats naive string matching on the wire, but it is trivially reversible once the key is recovered. The campaign, which began in late 2024, raises serious concerns about data theft and attacker control over victim networks. Security firms have since observed a surge in scanning activity against Ivanti systems, which often precedes further exploitation attempts.

Organizations are strongly advised to apply Ivanti's patches, run Ivanti's Integrity Checker Tool (ICT) against every appliance to look for signs of compromise, and treat a positive result as an incident that requires a full investigation and a factory reset of the device before it is rebuilt, since patching alone does not evict an attacker who is already present. Detection logic that only flags off-hours beaconing should not be relied on for this family, because the malware deliberately operates when legitimate traffic is heaviest.
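Because the C2 channel is only XOR-encoded, an analyst with a captured beacon can usually recover the plaintext without the sample's key. The script below is an added example written for this page; it is not code from JPCERT/CC, from the malware, or from Ivanti. The "captured" beacon is constructed inline from an assumed key (0x5A) and an assumed task string, neither of which is DslogdRAT's real key or protocol. It shows the two standard triage moves: brute-forcing all 256 single-byte keys and ranking the decodes by how text-like they are, and the known-plaintext shortcut when a beacon is known to start with a fixed prefix.

```python
"""Triage helper for single-byte-XOR-encoded C2 traffic.

Added example, not code from the page, JPCERT/CC or the malware.
ASSUMED_KEY and SAMPLE_TASK are constructed for illustration only;
they are NOT DslogdRAT's key or message format.
"""
from __future__ import annotations

import string

# Approximate English letter frequencies (percent). Space gets the largest
# weight because it is the most common byte in command-style text.
_FREQ = dict(zip(
    "etaoinshrdlcumwfgypbvkjxqz",
    [12.7, 9.1, 8.2, 7.5, 7.0, 6.7, 6.3, 6.1, 6.0, 4.3, 4.0, 2.8,
     2.8, 2.4, 2.4, 2.2, 2.0, 2.0, 1.9, 1.5, 1.0, 0.8, 0.2, 0.2, 0.1, 0.1],
))
_FREQ[" "] = 13.0
_PRINTABLE = set(string.printable.encode())


def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR key; encoding and decoding are the same operation."""
    return bytes(b ^ key for b in data)


def text_score(candidate: bytes) -> float:
    """Higher means more like English/shell text; non-printable bytes are penalised."""
    score = 0.0
    for b in candidate:
        if b not in _PRINTABLE:
            score -= 20.0
        else:
            score += _FREQ.get(chr(b).lower(), 0.0)
    return score


def brute_force_xor_key(blob: bytes) -> list[tuple[int, bytes]]:
    """Try all 256 keys and return (key, decode) pairs, best-scoring first."""
    ranked = sorted(range(256), key=lambda k: -text_score(xor_bytes(blob, k)))
    return [(k, xor_bytes(blob, k)) for k in ranked]


def key_from_known_prefix(blob: bytes, known: bytes) -> int | None:
    """Known-plaintext shortcut: if every beacon starts with `known`, the key is
    cipher[0] ^ known[0]. The guess is verified against the whole prefix so a
    wrong assumption returns None instead of a bogus key."""
    if not known or len(blob) < len(known):
        return None
    key = blob[0] ^ known[0]
    return key if xor_bytes(blob[: len(known)], key) == known else None


# Constructed sample: an assumed key and an assumed task message, encoded
# the way a fixed-key XOR channel would encode it. Not real DslogdRAT data.
ASSUMED_KEY = 0x5A
SAMPLE_TASK = b"cmd: /bin/sh -c 'id; uname -a; cat /etc/passwd'\n"
CAPTURED = xor_bytes(SAMPLE_TASK, ASSUMED_KEY)


if __name__ == "__main__":
    key, plaintext = brute_force_xor_key(CAPTURED)[0]
    print(f"best key 0x{key:02x}: {plaintext!r}")
    print("prefix-derived key:", key_from_known_prefix(CAPTURED, b"cmd:"))
```

The frequency scorer is deliberately crude; on real captures, rank the top few candidates and read them rather than trusting the single best score, and remember that a wrong key differing from the right one by a single bit still yields mostly printable output. If the family uses a multi-byte or rolling key, the same approach applies per key-byte position once the key length is known.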