HB Ad Slot
HB Mobile Ad Slot
CISA Issues Malware Analysis Report on RESURGE Malware
Thursday, April 3, 2025

On March 28, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report (MAR) on RESURGE malware, which is associated with the product Ivanti Connect Secure.

According to the MAR, “RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that alter its behavior. These commands:

  • Create a web shell, manipulate integrity checks, and modify files.
  • Enable the use of web shells for credential harvesting, account creation, password resets, and escalating permissions.
  • Copy the web shell to the Ivanti running boot disk and manipulate the running coreboot image.”

To address the vulnerability, CISA recommends that users and administrators:

  • Consider a factory reset.
  • Follow Ivanti’s recommended recovery steps.
  • Reset credentials of all accounts.
  • Reset passwords for all domain users and local accounts.
  • Review access policies to temporarily revoke access for affected devices.
  • Reset account credentials or access keys.
  • Monitor related accounts, especially administrative accounts.
  • Report incidents and anomalous activity to CISA.

The MAR is an important read for any businesses using Ivanti Connect Secure, Policy Secure, and ZTA Gateways.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up for any (or all) of our 25+ Newsletters.

 

Sign Up for any (or all) of our 25+ Newsletters