The Cybersecurity and Infrastructure Security Agency (CISA) is warning of an Ivanti vulnerability being exploited by threat actors. The malicious actors are using a file called “Resurge” in the attacks, which creates a Secure Shell (SSH) tunnel for command and control (C2). The malware can modify files and manipulate integrity checks, allowing it to harvest credentials, create accounts, and escalate privileges. In order to use this malware, attackers are exploiting an Ivanti vulnerability to gain access to Ivanti Connect Secure (ICS) devices. 

Read more: https://www.darkreading.com/cyberattacks-data-breaches/cisa-warns-resurge-malware-ivanti-vuln