(TLP:CLEAR) CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure

TLP:CLEAR
Created: Thursday, April 3, 2025 - 14:53
Categories: Cybersecurity, Federal & State Resources, Security Preparedness

Summary: CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that alter its behavior.

Analyst Note: RESURGE malware has been associated with the exploitation of a stack-based buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways (CVE-2025-0282). If your utility uses any of the Ivanti appliances mentioned, WaterISAC urges users and administrators to implement the Mitigation Instructions for CVE-2025-0282, as well as the actions outlined in CISA’s published alert.

Original Source: https://www.cisa.gov/news-events/analysis-reports/ar25-087a

Additional Reading:

Mitigation Recommendations:

Related WaterISAC PIRs: 6, 7, 7.1, 10, 12