379 new backdoored instances found on 2025-01-22:
https://dashboard.shadowserver.org/statistics/combined/tree/?day=2025-01-22&source=compromised_website&source=compromised_website6&tag=cve-2025-0282%2B&geo=all&data_set=count&scale=log
Data shared daily in our Compromised Website report https://www.shadowserver.org/what-we-do/network-reporting/compromised-website-report/ tagged 'backdoor;ivanti-connect-secure'
Dashboard tracker: https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=7&source=compromised_website&source=compromised_website6&tag=backdoor%2B&dataset=unique_ips&limit=1000&group_by=geo&style=stacked
Make sure to investigate your Ivanti Connect Secure instance if you receive an alert from us! CISA Cyber (npub1e4q…v25r) mitigation advice is a good start https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282
Thank you to Traficomin Kyberturvallisuuskeskus (npub1duv…vh97) for the insights and detection methods!
