Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A new zero-day vulnerability, CVE-2025-0282, in Ivanti Connect Secure VPN appliances has been exploited since mid-December 2024. The vulnerability allows unauthenticated remote code execution. Attackers have deployed multiple malware families, including SPAWN, DRYHOOK, and PHASEJAM, to maintain persistence, steal credentials, and evade detection. The attacks involve disabling security features, injecting web shells, blocking system upgrades, and performing network reconnaissance. Multiple threat actors may be involved, with some activity attributed to China-nexus groups UNC5337 and UNC5221. Ivanti has released patches and recommends customers use their Integrity Checker Tool and implement security measures.
OPENCTI LABELS:
vpn, ivanti, credential theft, phasejam, dryhook, spawnsloth, spawnant