Mar 31, 02:20 PM

CISA Warns of RESURGE Malware Exploiting Ivanti Flaw (CVE-2025-0282); Russian Gamaredon Group Targets Ukraine with Remcos RAT

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the RESURGE malware, which exploits a vulnerability in Ivanti VPNs identified as CVE-2025-0282. This malware is characterized by its rootkit, bootkit, and web shell features, posing a threat to critical infrastructure. CISA has advised users to patch their systems, specifically those running Ivanti versions earlier than 22.7R2.5. In a related development, Russian hackers linked to the Gamaredon group are using fake military documents to deploy the Remcos Remote Access Trojan (RAT) on Ukrainian systems. This operation involves a series of deceptive tactics, including ZIP files and PowerShell scripts, to gain full access to targeted systems. Additionally, another Russian group, Water Gamayun, is exploiting a Windows zero-day vulnerability (CVE-2025-26633) to deploy backdoors named SilentPrism and DarkWisp, using signed MSI files masquerading as legitimate applications. CISA has also added a flaw in Cisco's Smart Licensing Utility to its Known Exploited Vulnerabilities catalog, further highlighting ongoing cybersecurity threats.

#CISA #Ivanti #Russian #Gamaredon #Remcos Remote Access Trojan #RAT #Ukrainian #ZIP #PowerShell #Water Gamayun #Windows #SilentPrism #DarkWisp #MSI #Cisco #Smart Licensing Utility #Known Exploited Vulnerabilities

Written with ChatGPT (GPT-4o mini).

Sources

Additional media

Image #1 for story cisa-warns-resurge-malware-exploiting-ivanti-flaw-cve-2025-0282-russian-group-ba8e58a8

Image #2 for story cisa-warns-resurge-malware-exploiting-ivanti-flaw-cve-2025-0282-russian-group-ba8e58a8

CISA Warns of RESURGE Malware Exploiting Ivanti Flaw (CVE-2025-0282); Russian Gamaredon Group Targets Ukraine with Remcos RAT

Sources

Additional media

Similar Stories