Malware Identified in Attacks Exploiting Ivanti Connect Secure Vulnerabilities
JPCERT/CC Eyes previously introduced the malware SPAWNCHIMERA and DslogdRAT, which were deployed by exploiting vulnerabilities in Ivanti Connect Secure. At JPCERT/CC, we have continued to observe active exploitation of these vulnerabilities. In this report, we explain the following malware, tools, and penetration tactics used by attackers leveraging CVE-2025-0282 and CVE-2025-22457 in attacks observed from December 2024 to the present, July 2025.
- MDifyLoader
- Cobalt Strike Beacon
- vshell
- Fscan
To read the complete article, see: JPCERT report.
This post is licensed under CC BY 4.0 by the author.