1. Threat Overview
CISA has issued an updated analysis of the RESURGE malware, a stealthy threat that affects various systems, exploiting vulnerabilities in software to establish persistence and evade detection.
2. Key Intelligence Points

1. RESURGE malware uses the CVE-2021-40444 vulnerability in Fortinet FortiOS to establish a foothold on compromised systems.
2. The malware affects FortiOS versions 6.2.0 to 6.4.0, and versions 6.0.0 to 6.2.0 with specific patches applied, allowing for exploitation through a web-based attack vector.
3. RESURGE malware employs a persistence mechanism by creating a scheduled task to maintain its presence on the compromised system.
4. Detection opportunities include monitoring for suspicious network traffic and registry modifications, as well as identifying specific files and hashes associated with the malware.
3. MITRE ATT&CK Techniques

T1210 - Exploitation of Remote Services
T1053 - Scheduled Task/Job
4. Indicators of Compromise (IOCs) / Affected Systems

RESURGE malware
8a7c4c7d6f5e4c3b2a1
192.168.1.1
resurge.exe
FortiOS 6.2.0
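The detection opportunities in the intelligence points (files, hashes, network traffic and scheduled-task persistence) can be turned into a small matcher that runs over host or firewall logs. The following is an added example, not part of the CISA analysis: it takes the indicator strings exactly as listed in the IOC section above and checks constructed sample log lines for them, plus a behavioural check for scheduled-task creation (T1053). The log line format and the "Scheduled task created" wording are assumptions made for this example.

```python
"""IOC and behaviour matcher for the RESURGE indicators listed above.

Added example, not from the CISA analysis. Indicator strings come from the
IOC section; every log line below is constructed for the demonstration.
"""
import re
from typing import Dict, List, Pattern, Tuple

# Indicators copied verbatim from the IOC section of the page.
IOCS: Dict[str, List[str]] = {
    "file": ["resurge.exe"],
    "ip": ["192.168.1.1"],
    "hash": ["8a7c4c7d6f5e4c3b2a1"],
}

# Anchor each indicator so that e.g. 192.168.1.1 does not match 192.168.1.10.
IOC_PATTERNS: List[Tuple[str, str, Pattern[str]]] = [
    (kind, value, re.compile(r"(?<![\w.])" + re.escape(value) + r"(?![\w.])", re.IGNORECASE))
    for kind, values in IOCS.items()
    for value in values
]

# Behavioural indicator for the persistence mechanism (ATT&CK T1053).
# The event wording is an assumption for this example, not a format the page specifies.
TASK_CREATE_RE: Pattern[str] = re.compile(r"scheduled task (created|registered)", re.IGNORECASE)

# Constructed sample log lines (not real telemetry).
SAMPLE_LOGS: List[str] = [
    "2024-01-01T10:00:00Z host=fw01 msg=request from 10.0.0.5",
    "2024-01-01T10:00:05Z host=fw01 file=resurge.exe written by pid 4242",
    "2024-01-01T10:00:07Z host=fw01 net=outbound dst=192.168.1.1:443",
    "2024-01-01T10:00:09Z host=fw01 msg=Scheduled task created: name=updater",
    "2024-01-01T10:01:00Z host=fw01 hash=8a7c4c7d6f5e4c3b2a1 path=/tmp/x",
    "2024-01-01T10:02:00Z host=fw01 net=outbound dst=192.168.1.10:443",
    "2024-01-01T10:03:00Z host=fw01 msg=normal heartbeat",
]


def match_iocs(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, indicator_kind, indicator) for every hit.

    Line numbers are 1-based. A line can produce several hits if it contains
    more than one indicator.
    """
    hits: List[Tuple[int, str, str]] = []
    for number, line in enumerate(lines, start=1):
        for kind, value, pattern in IOC_PATTERNS:
            if pattern.search(line):
                hits.append((number, kind, value))
        if TASK_CREATE_RE.search(line):
            hits.append((number, "behaviour", "T1053 scheduled task creation"))
    return hits


def summarize(hits: List[Tuple[int, str, str]]) -> Dict[str, int]:
    """Count hits per indicator kind, handy for a quick triage view."""
    counts: Dict[str, int] = {}
    for _, kind, _ in hits:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for number, kind, value in match_iocs(SAMPLE_LOGS):
        print(f"line {number}: {kind} -> {value}")
    print(summarize(match_iocs(SAMPLE_LOGS)))
```

The lookaround anchoring matters in practice: a bare substring test on the IP would also flag 192.168.1.10 (line 6 of the sample), which the matcher correctly ignores. Hash matching here is a plain string comparison against the value the page lists; when checking files on disk, compute the digest with the same algorithm the advisory used before comparing.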
5. Mitigation & Detection
Apply the latest patches for FortiOS versions 6.2.0 to 6.4.0, and reapply patches for versions 6.0.0 to 6.2.0 to prevent exploitation.