Unmasking the DslogdRAT Malware: Exploiting Ivanti ICS Zero-Day CVE-2025-0282 in Japan Cyber Attacks
Details About DslogdRAT Malware
The DslogdRAT is a remote access trojan (RAT) that allows attackers to maintain control over infected systems, execute commands remotely, download further payloads, and exfiltrate sensitive data.
According to researchers from JPCERT/CC and Kaspersky, the newly discovered RAT was deployed after exploitation of a zero-day vulnerability in Ivanti Connect Secure, tracked as CVE-2025-0282.
The vulnerability is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on the appliance and, from there, reach the network it protects.
Ivanti Connect Secure is a VPN gateway widely used to provide secure remote access to corporate networks.
Many organizations worldwide, including many in Japan, run it at their network edge, so the exposure created by this vulnerability is broad.
The Ivanti ICS Zero-Day CVE-2025-0282
CVE-2025-0282 is a zero-day vulnerability in Ivanti Connect Secure (it also affects Ivanti Policy Secure and Ivanti Neurons for ZTA gateways).
It enables remote code execution, allowing an attacker to execute arbitrary commands within the context of a privileged process on the appliance.
The vulnerability is rated Critical (CVSS 9.0) because it is reachable over the network without authentication and yields code execution.
Because the affected products sit at the perimeter of so many networks, successful exploitation can have a large impact on government organizations, industrial infrastructure, and corporate networks.
Exploitation of the Ivanti ICS Zero-Day
The investigation shows that the attackers exploited CVE-2025-0282 to plant a web shell on the appliance, creating a backdoor that lets them run commands on the compromised server over HTTP.
After that initial compromise, the attackers deployed DslogdRAT as a follow-up payload, giving them a persistent command-and-control channel that no longer depends on the web shell.
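The web shell stage described above is the point where a responder can still catch the intrusion before the RAT is installed. The following is an added example, not code from the JPCERT/CC report or from Ivanti: a small heuristic scanner that flags CGI scripts in which request-controlled input (a query parameter, a cookie header, the POST body) flows into a command-execution sink. The three Perl samples it runs over are constructed for this example, including the "token=constructed-secret" cookie check; they are not the script recovered from the incident.

```python
"""Heuristic web shell hunt over CGI/Perl sources (added example, not the report's code)."""
import re

# Sources of attacker-controlled input in a CGI handler (Perl CGI.pm and PHP spellings).
INPUT_RE = re.compile(
    r"param\s*\("
    r"|\$ENV\{\s*['\"]?(?:QUERY_STRING|HTTP_[A-Z_]+)['\"]?\s*\}"
    r"|<STDIN>"
    r"|\$_(?:GET|POST|REQUEST|COOKIE)\b"
)
# Sinks that hand a string to a shell or an interpreter.
SINK_RE = re.compile(
    r"\b(?:system|exec|eval|passthru|shell_exec)\s*\("
    r"|`[^`]*`"
    r"|\bopen\s*\([^)]*\|"
)
# Plain assignment "$var = ..."; the (?!~) keeps "=~" regex binds out.
ASSIGN_RE = re.compile(r"(\$\w+)\s*=(?!~)\s*(.+)")


def scan_script(src: str) -> dict:
    """Return a verdict, the set of tainted variables and the sink lines they reach.

    Taint is tracked per assignment: a variable becomes tainted when its right-hand
    side contains an input source or an already-tainted variable. A sink line that
    uses a tainted variable (or an input source directly) is reported as a hit.
    """
    tainted: set[str] = set()
    hits = []
    sink_lines = 0
    for lineno, line in enumerate(src.splitlines(), 1):
        m = ASSIGN_RE.search(line)
        if m:
            var, rhs = m.group(1), m.group(2)
            if INPUT_RE.search(rhs) or any(
                re.search(re.escape(v) + r"\b", rhs) for v in tainted
            ):
                tainted.add(var)
        if SINK_RE.search(line):
            sink_lines += 1
            used = sorted(v for v in tainted if re.search(re.escape(v) + r"\b", line))
            if used or INPUT_RE.search(line):
                hits.append((lineno, line.strip(), used))
    if hits:
        verdict = "web shell"          # request input reaches a command sink
    elif sink_lines:
        verdict = "review"             # runs commands, but only fixed ones
    else:
        verdict = "clean"
    return {"verdict": verdict, "tainted": sorted(tainted), "hits": hits}


# Constructed sample 1: a classic CGI web shell (cookie gate, then runs ?cmd=).
WEBSHELL_SAMPLE = r"""#!/usr/bin/perl
use CGI;
my $q = CGI->new;
my $cmd = $q->param('cmd');
if ($ENV{HTTP_COOKIE} =~ /token=constructed-secret/) {
    print "Content-type: text/plain\n\n";
    my $out = `$cmd 2>&1`;
    print $out;
}
"""

# Constructed sample 2: benign CGI that echoes a parameter without executing it.
BENIGN_SAMPLE = r"""#!/usr/bin/perl
use CGI;
my $q = CGI->new;
my $name = $q->param('user') || 'guest';
print "Content-type: text/plain\n\n";
print "Hello, $name\n";
"""

# Constructed sample 3: runs a command, but a fixed one; worth a look, not a shell.
FIXED_COMMAND_SAMPLE = r"""#!/usr/bin/perl
print "Content-type: text/plain\n\n";
my $out = `uptime`;
print $out;
"""

if __name__ == "__main__":
    for label, sample in [("webshell", WEBSHELL_SAMPLE), ("benign", BENIGN_SAMPLE),
                          ("fixed", FIXED_COMMAND_SAMPLE)]:
        r = scan_script(sample)
        print(f"{label}: {r['verdict']} tainted={r['tainted']}")
        for lineno, text, used in r["hits"]:
            print(f"  line {lineno}: {text}   <- uses {used}")
```

The taint tracking is deliberately line-based and will miss input that is rebuilt through string concatenation across several statements, so treat "review" results as a queue for manual triage rather than a clean bill. On an Ivanti appliance itself the vendor-supported check is Ivanti's Integrity Checker Tool; a scanner like this is for files exported from the device or from a forensic image.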
Impact on Japan
Researchers have identified multiple victims of this deployment chain, including several critical infrastructure operators in Japan.
The sectors primarily targeted by these attacks include energy, transportation, and telecommunications.
The escalation of such attacks raises serious concern for the nation's cyber defense posture.
Practical Security Measures
Apply Ivanti's fix for CVE-2025-0282 promptly (Ivanti Connect Secure 22.7R2.5 or later) to defend against DslogdRAT and any other payload delivered through this vulnerability; because patching does not remove a web shell that is already in place, also run Ivanti's Integrity Checker Tool and investigate any appliance that was exposed before the patch was applied.
Beyond that, monitoring network traffic for unexpected outbound connections from the appliance, deploying threat detection tooling that can spot follow-on payloads, and enforcing strong password policies all help against similar threats.
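"Monitoring network traffic" is only useful if the monitoring knows what to look for. A RAT that polls its command-and-control server tends to leave a very regular rhythm of outbound connections from the compromised host, which stands out against the irregular traffic of real users. The block below is an added example of that heuristic, not code from JPCERT/CC, Kaspersky or Ivanti: it groups connection records by source host and destination, measures the spacing between connections, and flags pairs whose intervals are both numerous and unusually uniform. The log lines, host name and destination addresses are constructed for the example (the addresses come from the documentation ranges), and the thresholds are starting points to tune against your own baseline.

```python
"""Beacon-style C2 detection over connection logs (added example, not the researchers' code)."""
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed sample: "<UTC timestamp> <source host> <destination ip:port>".
# 203.0.113.10:443 is contacted roughly every five minutes; the others are sporadic.
SAMPLE_LOG = """\
2025-01-10T09:00:12Z vpn-gw-01 203.0.113.10:443
2025-01-10T09:00:40Z vpn-gw-01 198.51.100.7:443
2025-01-10T09:05:11Z vpn-gw-01 203.0.113.10:443
2025-01-10T09:10:13Z vpn-gw-01 203.0.113.10:443
2025-01-10T09:12:59Z vpn-gw-01 198.51.100.9:443
2025-01-10T09:15:12Z vpn-gw-01 203.0.113.10:443
2025-01-10T09:20:10Z vpn-gw-01 203.0.113.10:443
2025-01-10T09:25:14Z vpn-gw-01 203.0.113.10:443
2025-01-10T09:30:11Z vpn-gw-01 203.0.113.10:443
2025-01-10T09:31:02Z vpn-gw-01 198.51.100.7:443
2025-01-10T10:15:00Z vpn-gw-01 198.51.100.7:443
"""


def parse_log(text: str) -> dict:
    """Group connection timestamps by (source host, destination) pair."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        events[(src, dst)].append(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"))
    return events


def find_beacons(events: dict, min_connections: int = 5, max_cv: float = 0.15) -> list:
    """Flag (src, dst) pairs whose inter-connection gaps are numerous and regular.

    Regularity is measured as the coefficient of variation (stdev / mean) of the
    gaps; human-driven traffic usually scores well above max_cv, a polling RAT
    well below it. Timestamps are sorted so out-of-order log lines do not create
    negative gaps.
    """
    findings = []
    for (src, dst), times in events.items():
        if len(times) < min_connections:
            continue
        times = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "count": len(times),
                "mean_gap_s": round(mean, 1),
                "cv": round(cv, 3),
            })
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for f in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{f['src']} -> {f['dst']}: {f['count']} connections, "
              f"mean gap {f['mean_gap_s']}s, cv {f['cv']}")
```

Two caveats a practitioner should keep in mind: a RAT that adds random jitter to its sleep interval raises the coefficient of variation, so widen `max_cv` and look at the distribution of gaps rather than a single number; and legitimate agents (NTP, update checks, health probes) beacon too, so whitelist known destinations before alerting, and pay particular attention to a VPN appliance talking to a destination that none of its peers ever contact.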
Follow-Up Reading
For more detailed information on this topic, see the following sources:
1. JPCERT/CC's official website, which publishes the research and updates on this and other threats
2. Kaspersky's official blog, which provides analysis of current threats and vulnerabilities
3. NIST's National Vulnerability Database (NVD) entry for CVE-2025-0282