Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a new malware family, RESURGE, found on compromised Ivanti Connect Secure appliances. The malware was deployed through exploitation of CVE-2025-0282, a stack-based buffer overflow that Ivanti patched in January 2025 after it had already been abused as a zero-day, and it carries capabilities aimed at persistence, evasion and credential theft. The activity is linked to espionage by suspected state-sponsored threat actors.
Affected: Ivanti Connect Secure, Ivanti Policy Secure, Ivanti Neurons for ZTA gateways
Keypoints:
- RESURGE is a variant of SPAWNCHIMERA (part of the SPAWN malware ecosystem): it survives reboots and adds distinctive commands that alter its behavior, including modifying files and tampering with the appliance's integrity checks.
- The intrusions exploit CVE-2025-0282, a stack-based buffer overflow in Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways that allows unauthenticated remote code execution.
- RESURGE's commands let an attacker create a web shell, harvest credentials, create accounts, reset passwords and escalate privileges, then copy the web shell to the appliance's running boot disk and manipulate the running coreboot image so the implant persists; a related SPAWNSLOTH variant injected into the dslogserver process tampers with logs.
- Exploitation of CVE-2025-0282 has been attributed by Mandiant to the China-nexus cluster UNC5337; the tooling is being actively refined, so organizations should patch affected devices without delay.
- CISA advises organizations to factory-reset affected appliances using a known clean image on the patched release, reset credentials for privileged and non-privileged accounts, rotate passwords for domain and local accounts, temporarily revoke access for affected devices while reviewing access policies, and monitor accounts for anomalous activity.
Source: https://thehackernews.com/2025/03/resurge-malware-exploits-ivanti-flaw.html