Google: Chinese Hackers Likely Behind Ivanti VPN Zero-Day Attacks
Summary: Hackers are exploiting a critical zero-day vulnerability in Ivanti Connect Secure, identified as CVE-2025-0282, to deploy new malware called ‘Dryhook’ and ‘Phasejam’ on compromised VPN appliances. This vulnerability allows attackers to gain unauthorized access and potentially steal sensitive information from affected systems.

Threat Actor: UNC5337
Victim: Ivanti Connect Secure

Key Points:

  • Attackers exploit CVE-2025-0282 to gain initial access to the system.
  • New malware families ‘Dryhook’ and ‘Phasejam’ are deployed, with ‘Phasejam’ acting as a dropper for a web shell.
  • The malware is designed to evade detection by modifying system files and recalculating the affected files' hashes.
  • Attackers aim to steal sensitive data such as VPN session information and credentials.
  • System administrators are advised to perform a factory reset and upgrade to the latest version to mitigate the risk.

Source: https://www.bleepingcomputer.com/news/security/google-chinese-hackers-likely-behind-ivanti-vpn-zero-day-attacks/