The Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report on a new malware variant, RESURGE, which is linked to Ivanti Connect Secure. RESURGE shares some capabilities with the SPAWNCHIMERA malware, including the ability to survive reboots, but has distinct commands that enable it to create a web shell, manipulate integrity checks, and modify files. These actions allow the malware to harvest credentials, create accounts, reset passwords, and escalate privileges. RESURGE exploits CVE-2025-0282, a vulnerability in Ivanti Connect Secure appliances that was added to CISA’s Known Exploited Vulnerabilities Catalog in January 2025.

In response to this threat, CISA recommends several mitigation actions, including performing a factory reset using a known clean image for cloud and virtual systems, resetting all credentials (especially privileged accounts), and reviewing access policies to temporarily revoke privileges for affected devices. Additionally, CISA advises organizations to monitor administrative accounts for signs of unauthorized access. For further guidance, consult Ivanti’s recovery instructions and CISA’s Alert.