Researchers have identified malware known as DslogdRAT, which has been deployed following exploitation of a serious vulnerability (CVE-2025-0282) in Ivanti Connect Secure (ICS). This flaw allowed unauthorized remote code execution and has been used by a threat actor group, UNC5337, in attacks targeting organizations in Japan since December 2024. Disturbingly, deployment of additional malware strains related to the SPAWN ecosystem has also been noted, highlighting ongoing cybersecurity threats and the implications of unpatched vulnerabilities.
Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS).
The malware, along with a web shell, was installed by exploiting CVE-2025-0282, a zero-day vulnerability at that time, during attacks against organizations in Japan around December 2024.