Summary: Hackers are exploiting a critical zero-day vulnerability in Ivanti Connect Secure, identified as CVE-2025-0282, to deploy new malware called ‘Dryhook’ and ‘Phasejam’ on compromised VPN appliances. This vulnerability allows attackers to gain unauthorized access and potentially steal sensitive information from affected systems.
Threat Actor: UNC5337
Victim: Ivanti Connect Secure
Key Points:
- Attackers exploit CVE-2025-0282 to gain initial access to the system.
- New malware families ‘Dryhook’ and ‘Phasejam’ are deployed, with ‘Phasejam’ acting as a dropper for a web shell.
- The malware is designed to evade detection by modifying system files and recalculating their stored hashes, so the tampered files still pass integrity checks.
- Attackers aim to steal sensitive data such as VPN session information and credentials.
- System administrators are advised to perform factory resets and upgrade to the latest version to mitigate risks.