Ivanti

Chinese espionage threat actors exploited a vulnerability in Ivanti's security products to deploy powerful malware known as Resurge. The campaign, detailed by the Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity firm Mandiant, has resulted in compromised system integrity and data breaches. The malware can modify files, harvest credentials, create accounts, reset passwords, and escalate permissions, which makes it a significant security threat. Ivanti has advised customers to reset devices and credentials, which underscores the severity of the breach.

Source: https://therecord.media/cisa-alert-ivanti-bug-resurge-malware

TPRM report: https://scoringcyber.rankiteo.com/company/ivanti

"id": "iva1001040225",
"linkid": "ivanti",
"type": "Vulnerability",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Security Software',
                        'name': 'Ivanti',
                        'type': 'Company'}],
 'attack_vector': 'Exploitation of Vulnerability',
 'data_breach': {'type_of_data_compromised': ['Credentials',
                                              'Account Information']},
 'description': 'Chinese espionage threat actors exploited a vulnerability in '
                "Ivanti's security products, leading to the deployment of "
                'powerful malware known as Resurge. This malware campaign, '
                'detailed by the Cybersecurity and Infrastructure Security '
                'Agency (CISA) and cybersecurity firm Mandiant, has resulted '
                'in compromised system integrity and data breaches. The '
                "malware's capability to modify files, harvest credentials, "
                'create accounts, reset passwords, and escalate permissions '
                'poses a significant security threat. Ivanti has advised '
                'customers to reset devices and credentials, evidencing the '
                'severity of this security breach.',
 'impact': {'data_compromised': 'Credentials, Account Information',
            'operational_impact': 'Compromised system integrity'},
 'motivation': 'Espionage',
 'references': [{'source': 'Cybersecurity and Infrastructure Security Agency '
                           '(CISA)'},
                {'source': 'Mandiant'}],
 'response': {'remediation_measures': ['Reset devices and credentials'],
              'third_party_assistance': ['CISA', 'Mandiant']},
 'threat_actor': 'Chinese espionage threat actors',
 'title': 'Chinese Espionage Exploits Ivanti Security Products',
 'type': 'Malware',
 'vulnerability_exploited': "Vulnerability in Ivanti's security products"}