Beware the VPN Menace: New Malware ‘Dryhook’ & ‘Phasejam’ Strike Ivanti Users!
Hackers are exploiting a critical Ivanti Connect Secure zero-day vulnerability to install new malware, Dryhook and Phasejam. This flaw, CVE-2025-0282, impacts older versions of Ivanti Connect Secure and Policy Secure. While the breach scope is limited, attackers have been using this vulnerability since December to infiltrate systems.
Hot Take:
It seems hackers have decided to throw a malware costume party, and guess what? Dryhook and Phasejam are the surprise guests! While Ivanti’s Connect Secure is caught in the crossfire, the cybersecurity world is left wondering if this is a case of mistaken identity or just a new malware clique trying to make a name for themselves. Either way, the only thing scarier than these new malware names is the potential data they could pilfer from unsuspecting victims.
Key Points:
- Hackers are exploiting a zero-day vulnerability in Ivanti Connect Secure VPN appliances.
- New malware, Dryhook and Phasejam, have been discovered but are not linked to any known threat group.
- The CVE-2025-0282 vulnerability impacts several Ivanti products but has limited customer impact.
- The attack involves a sophisticated chain using custom malware tools like Spawn.
- Mandiant recommends factory resets and upgrades to mitigate the attack risk.