Summary: CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that alter its behavior.
Analyst Note: RESURGE malware has been associated with the exploitation of a stack-based overflow vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways (CVE-2025-0282). If your utility uses any of the Ivanti Connect Secure appliances mentioned, WaterISAC urges users and administrators to implement the Mitigation Instructions for CVE-2025-0282, as well as the actions outlined in CISA’s published alert.
Original Source: https://www.cisa.gov/news-events/analysis-reports/ar25-087a
Additional Reading:
Mitigation Recommendations:
- CISA Mitigation Instructions for CVE-2025-0282
- Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283)
Related WaterISAC PIRs: 6, 7, 7.1, 10, 12