The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a new malware named RESURGE that targets an already-patched vulnerability in Ivanti Connect Secure appliances, known as CVE-2025-0282. This malware incorporates advanced functionality from the SPAWNCHIMERA variant, enabling it to function as a rootkit and backdoor, among other roles. Experts from Mandiant attribute its use to a Chinese espionage group, further complicating cybersecurity measures. Unlike its predecessor, RESURGE can manipulate integrity checks and set up web shells, significantly raising the stakes for defenders.
RESURGE is an evolution of SPAWNCHIMERA, designed to exploit vulnerabilities in Ivanti Connect Secure, demonstrating capabilities as a rootkit, backdoor, tunnel, and bootkit.
The vulnerability CVE-2025-0282, impacting Ivanti appliances, allows for remote code execution and has been weaponized by a China-nexus espionage group called UNC5337.
CISA highlights that RESURGE can survive reboots and alter its behavior through distinctive commands, creating advanced challenges for cybersecurity defenders.
Recent modifications in RESURGE enhance its evasion capabilities, incorporating features that allow it to patch security vulnerabilities to deter other attackers.