March 31, 2025 By Zeljka Zorz
CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the CVE-2025-0282 zero-day.
The updated mitigation instructions stress the importance of conducting a factory reset of all devices – even those where threat hunting did not reveal evidence of compromise – as well as a factory reset of cloud and virtual systems using an external, known-clean image of the device.
“CISA updated these mitigations based on identification of a new malware variant called RESURGE that could undermine the effectiveness of the mitigations previously provided,” the US Cybersecurity and Infrastructure Security Agency noted.