Beware RESURGE: The Malware Menace Targeting Ivanti Devices with China-Linked Espionage
CISA warns of RESURGE malware exploiting a patched Ivanti flaw. This sneaky software is an upgrade from SPAWNCHIMERA, featuring new commands to alter behavior and enhance stealth. Linked to a China-nexus espionage group, it’s a wake-up call for organizations to update their Ivanti systems and batten down the cybersecurity hatches.

Hot Take:
Looks like the cyber baddies are at it again, this time with a malware remix called RESURGE. They’ve gone from dropping beats to dropping backdoors, all while patching their own vulnerabilities. Talk about covering your tracks! It’s like the evil twin of a software update. Quick, someone call the nerd squad, we need all systems patched pronto!

Key Points:
- New malware, RESURGE, targets Ivanti Connect Secure (ICS) with added features over its predecessor, SPAWNCHIMERA.
- RESURGE is linked to CVE-2025-0282, a vulnerability enabling remote code execution.
- China-linked espionage group UNC5337 is suspected of leveraging this malware.
- RESURGE can establish web shells for credential harvesting and privilege escalation.
- Organizations are urged to patch ICS products, reset credentials, and monitor for suspicious activity.