{"id":3152,"date":"2025-04-25T15:32:48","date_gmt":"2025-04-25T14:32:48","guid":{"rendered":"https:\/\/aegislens.com\/home\/?p=3152"},"modified":"2025-04-25T15:32:48","modified_gmt":"2025-04-25T14:32:48","slug":"unmasking-the-dslogdrat-malware-exploiting-ivanti-ics-zero-day-cve-2025-0282-in-japan-cyber-attacks","status":"publish","type":"post","link":"https:\/\/aegislens.com\/home\/unmasking-the-dslogdrat-malware-exploiting-ivanti-ics-zero-day-cve-2025-0282-in-japan-cyber-attacks\/","title":{"rendered":"Unmasking the DslogdRAT Malware: Exploiting Ivanti ICS Zero-Day CVE-2025-0282 in Japan Cyber Attacks"},"content":{"rendered":"<p>Kojima said.<\/p>\n<h1>Details About DslogdRAT Malware<\/h1>\n<p>The DslogdRAT is a remote access trojan (RAT) that allows attackers to maintain control over infected systems, execute commands remotely, download further payloads, and exfiltrate sensitive data.<\/p>\n<p>According to researchers from JPCERT\/CC and Kaspersky, this newly discovered RAT executes after exploiting a zero-day vulnerability in Ivanti Connect Secure &#8211; also identified as CVE-2025-0282.<\/p>\n<p>The vulnerability allows attackers to bypass security mechanisms and gain unauthorized access to systems.<\/p>\n<p>The Ivanti Connect Secure is software widely used to provide secure remote access to corporate networks.<\/p>\n<p>Several global organizations and industries, including many in Japan, leverage this software, which shows the potential spread and impact of this vulnerability.<\/p>\n<h2>The Ivanti ICS Zero-Day CVE-2025-0282<\/h2>\n<p>CVE-2025-0282 refers to a zero-day vulnerability found in the Ivanti Connect Secure software.<\/p>\n<p>It enables remote code execution, allowing an attacker to execute arbitrary commands within the context of a privileged process.<\/p>\n<p>This vulnerability became particularly alarming because of its perfect 10\/10 CVSS score.<\/p>\n<p>Furthermore, due to this score and its significant usage, attackers targeting this flaw could have potentially huge impacts on government organizations, industrial infrastructures, and corporate networks.<\/p>\n<h3>Exploitation of the Ivanti ICS Zero-Day<\/h3>\n<p>The investigation reveals that the attackers exploited the Ivanti Connect Secure vulnerabilities to plant a web shell, creating a backdoor that enables remote operations on the infected server.<\/p>\n<p>After the initial compromise, the attackers deployed DslogdRAT as a follow-up payload, giving them independent command and control of the targeted systems.<\/p>\n<h4>Impact on Japan<\/h4>\n<p>Researchers have identified that multiple critical infrastructures, including several in Japan, have been hit using this malware deployment method.<\/p>\n<p>The sectors primarily targeted by these attacks include energy, transportation, and telecommunications.<\/p>\n<p>These escalating attacks raise severe concern for the nation&#8217;s cyber defense strategies.<\/p>\n<h5>Practical Security Measures<\/h5>\n<p>It&#8217;s crucial to patch the Ivanti ICS promptly to defend against the DslogdRAT malware and any other potential exploit against this vulnerability.<\/p>\n<p>Furthermore, enforcing strong password policies, monitoring network traffic, and implementing advanced threat detection tools can help protect against similar threats.<\/p>\n<h6>Follow-Up Reading<\/h6>\n<p>For more detailed information on this topic, check out the following links:<\/p>\n<p>1. <a href=\"https:\/\/www.jpcert.or.jp\/english\/\">JPCERT\/CC&#8217;s official website<\/a> &#8211; contains research and updates on various cybersecurity threats<br \/>\n2. <a href=\"https:\/\/www.kaspersky.com\/about\/press-releases\/2025kaspersky-discovers-zero-day-exploit-in-desktop-window-manager\">Kaspersky&#8217;s official blog<\/a> &#8211; provides insights on the latest security threats and vulnerabilities<br \/>\n3. <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-0282\">NIST&#8217;s official vulnerability database<\/a> &#8211; presents information about the Ivanti ICS vulnerability<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kojima said. Details About DslogdRAT Malware The DslogdRAT is a remote access trojan (RAT) that<\/p>\n","protected":false},"author":1,"featured_media":3153,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,5],"tags":[],"class_list":["post-3152","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-news","pmpro-has-access"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/posts\/3152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/comments?post=3152"}],"version-history":[{"count":1,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/posts\/3152\/revisions"}],"predecessor-version":[{"id":3382,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/posts\/3152\/revisions\/3382"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/media\/3153"}],"wp:attachment":[{"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/media?parent=3152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/categories?post=3152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/tags?post=3152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}