Summary: Advanced threat actors are exploiting a newly disclosed zero-day vulnerability in Ivanti Connect Secure (ICS) VPN appliances that allows unauthenticated remote code execution. The two vulnerabilities disclosed together, CVE-2025-0282 and CVE-2025-0283, pose significant risks to network security, with active exploitation reported since mid-December 2024.
Threat Actor: UNC5337
Victim: Ivanti Connect Secure Users
Key Points:
- Exploitation of CVE-2025-0282 allows unauthenticated remote code execution, compromising entire networks.
- Attackers use sophisticated methods, including reconnaissance and the deployment of custom malware families such as SPAWNSNAIL and PHASEJAM.
- Immediate actions recommended include patching, running the Integrity Checker Tool, and performing factory resets on compromised appliances.