Ivanti Zero-Day Vulnerability Exploited by RESURGE Malware

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a new malware variant named RESURGE, which exploits a critical zero-day vulnerability, CVE-2025-0282, in Ivanti's Connect Secure, Policy Secure, and ZTA Gateway products. This vulnerability, disclosed and patched in January 2025, allows unauthenticated attackers to execute arbitrary code remotely.


Details of the RESURGE Malware:

  • Capabilities: RESURGE functions as a rootkit, dropper, backdoor, bootkit, proxy, and tunneler. It can survive system reboots and includes commands to modify files, manipulate integrity checks, and create web shells on the compromised device.
  • Deployment: The malware is associated with the exploitation of CVE-2025-0282 in Ivanti Connect Secure appliances.

Recommended Actions for Organizations:

  • Apply Patches: Ensure that all Ivanti products are updated with the latest security patches addressing CVE-2025-0282.
  • Conduct Threat Hunting:
    1. Run an external Integrity Checker Tool (ICT) as guided by Ivanti.
    2. Perform threat hunting on systems connected to the affected Ivanti devices.
  • Factory Reset: For the highest level of confidence, conduct a factory reset of the affected devices. For cloud and virtual systems, use an external known clean image for the reset.
  • Monitor and Audit: Continuously monitor authentication or identity management services that could be exposed and audit privileged access accounts.
  • Incident Response: If compromise is detected, report immediately to CISA and Ivanti to initiate forensic investigation and incident response activities.

Organizations using Ivanti's Connect Secure, Policy Secure, and ZTA Gateway products should prioritize these actions to mitigate the threat posed by the RESURGE malware. Staying vigilant and proactive in applying security updates and monitoring network activity is crucial in defending against such exploits.

👇Sources👇

https://www.securityweek.com/cisa-analyzes-malware-used-in-ivanti-connect-secure-zero-day-attacks/?utm_source=chatgpt.com

https://www.cisa.gov/news-events/alerts/2025/03/28/cisa-releases-malware-analysis-report-resurge-malware-associated-ivanti-connect-secure?utm_source=chatgpt.com

https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282?utm_source=chatgpt.com

https://www.govinfosecurity.com/rootkit-backdoor-tunneler-ivanti-malware-does-all-a-27881