CISA Analyzes Malware Used in Ivanti Zero-Day Attacks
securityweekCISA has published its analysis of Resurge, a SpawnChimera malware variant used in attacks targeting a recent Ivanti Connect Secure zero-day.
The US cybersecurity agency CISA on Friday published its analysis of the malware used by Chinese hackers in attacks exploiting an Ivanti Connect Secure zero-day patched in January 2025.
The issue, tracked as CVE-2025-0282 (CVSS score of 9.0), is described as a stack-based buffer overflow enabling attackers to execute arbitrary code remotely, without authentication.
Ivanti announced patches for the bug on January 8, warning of its active exploitation. The next day, Mandiant revealed that it had been exploited in the wild since December 2024, by a China-linked espionage group tracked as UNC5221.
The threat actor, known to have targeted other Ivanti VPN vulnerabilities before, exploited CVE-2025-0282 to deploy malware from the Spawn family, which includes the SpawnAnt installer, the SpawnMole tunneler, and the SpawnSnail SSH backdoor.
On February ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE