Ivanti Device Drama: RESURGE Malware Hacks Faster Than a 90s Dial-Up!
CISA’s latest report dives into the whimsical world of RESURGE malware, discovered on Ivanti Connect Secure devices. This malware is like SPAWNCHIMERA’s mischievous cousin, creating SSH tunnels for command and control (C2), tampering with logs, and even throwing a web shell party on the boot disk. RESURGE brings a lot to the table—just not the table you want.

Hot Take:
In a plot twist that feels like a cybersecurity soap opera, hackers have apparently decided that Ivanti Connect Secure devices needed a makeover. Enter RESURGE, the malware with more tricks than a magician at a kid’s birthday party. With a penchant for creating SSH tunnels, modifying files, and even creating its own web shell, RESURGE seems to be on a mission to become the next big thing in malware fashion. Move over, SPAWNCHIMERA; there’s a new villain in town, and it’s here to manipulate logs, toy with integrity checks, and maybe even bake cookies while it’s at it.
Key Points:
- RESURGE creates an SSH tunnel for command and control, similar to SPAWNCHIMERA.
- The malware can modify files, manipulate integrity checks, and create a web shell.
- SPAWNSLOTH variant tampers with device logs to cover its tracks.
- A third file uses BusyBox to download and execute payloads on compromised devices.
- RESURGE is identified as a backdoor, dropper, rootkit, and bootkit.