Since the middle of December, Chinese cyberespionage operations have been targeting Ivanti Connect Secure VPN appliances affected by the zero-day flaw tracked as CVE-2025-0282, according to The Record, a site sponsored by Recorded Future.
A Jan. 8 blog post by Mandiant said the attacks exploiting the vulnerability aimed to compromise databases containing credentials, API keys, VPN sessions, and certificates.
"Defenders should be prepared for widespread, opportunistic exploitation, likely targeting credentials and the deployment of web shells to provide future access," wrote the researchers. "Additionally, if proof-of-concept exploits for CVE-2025-0282 are created and released, Mandiant assesses it is likely additional threat actors may attempt targeting Ivanti Connect Secure appliances."