
Hackers Compromised Ivanti Devices Used by CISA


Cybersecurity Agency Says ‘No Operational Impact’

The U.S. Cybersecurity and Infrastructure Security Agency says hackers compromised two of its Ivanti gateways (Image: Shutterstock)

The U.S. Cybersecurity and Infrastructure Security Agency apparently had a good reason to urge federal agencies to reset vulnerable Ivanti VPN devices: Hackers breached two gateways used by CISA, forcing the agency to yank them offline.


An agency official told Information Security Media Group Friday afternoon the hacking “was limited to two systems” and added the agency “immediately took offline” the impacted VPNs as it worked to mitigate any ongoing vulnerabilities.

The Record, which first reported the hack, cited a “source with knowledge of the situation” to report that the affected systems connected to the Infrastructure Protection Gateway and the Chemical Security Assessment Tool. The IP Gateway is a portal containing data such as security assessments of nationally significant critical infrastructure, while the CSAT houses private sector chemical security plans.

“CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses” in February, a spokesperson said. “We continue to upgrade and modernize our systems, and there is no operational impact at this time.”

The agency has warned that hackers are stealing account credentials stored inside Ivanti gateways.

CISA last month gave federal agencies a midnight, Feb. 2 deadline for performing a factory reset on Ivanti devices amid a flurry of hacking against the Utah manufacturer’s products instigated in December by Chinese nation-state hackers (see: Feds Face a Midnight Deadline for Resetting Ivanti Gateways).

Although the hacking wave may have started in Beijing, other threat actors with diverse motives, including crypto mining, seized on the January disclosure of zero days to start their own rounds of illicit penetration. Their chances grew amid glitches with Ivanti’s integrity checker tool and the disclosure of three additional zero days in late January and early February.

CISA on Feb. 29 warned that hackers could preserve access to a compromised device even after a factory reset – findings that Ivanti disputed by arguing that CISA’s findings don’t reproduce in production environments. “Outside of a lab environment, this action would break the connection with the box, and thus would not gain persistence,” an Ivanti spokesperson said at the time (see: Ivanti Disputes CISA Findings of Post-Factory Reset Hacking).

An agency spokesperson on Friday described its own cyberattack as “a reminder that any organization can be affected by a cyber vulnerability,” and added that “having an incident response plan in place is a necessary component of resilience.”
