12 March 2024

US cybersecurity agency takes systems offline after Ivanti compromise

In a recent cybersecurity breach, the US Cybersecurity and Infrastructure Security Agency (CISA) fell victim to hackers who exploited vulnerabilities in Ivanti products. CISA officials confirmed the breach, stating that the agency detected suspicious activity indicating the exploitation of Ivanti product vulnerabilities approximately a month ago.

The breach impacted two critical systems within CISA's infrastructure, prompting immediate action to take them offline, Recorded Future News reported.

The compromised systems reportedly include the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT), although CISA has neither confirmed nor denied these reports. The CSAT, in particular, houses sensitive industrial information critical to national security, including data on high-risk chemical facilities and security assessments.

According to a CISA spokesperson, there has been no operational impact reported thus far. The agency declined to provide specific details regarding the perpetrators of the breach, potential data breaches, or the exact systems taken offline.

While CISA remains tight-lipped on the extent of the breach, it urges organizations to heed its advisory issued on February 29, warning of ongoing exploitation of Ivanti product vulnerabilities (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893).

CISA and other authorities strongly advise organizations to reassess the risks associated with operating Ivanti Connect Secure and Ivanti Policy Secure gateways in enterprise environments.

Cybersecurity firm Check Point warned in a recent report that a financially motivated threat actor called “Magnet Goblin” is targeting public-facing servers with one-day vulnerabilities to deploy Linux backdoors and credential stealers. Multiple other threat actors have also been observed targeting the Ivanti flaws, including the Chinese state-sponsored group UNC5221/UTA0178, as well as attacks delivering the Rust-based KrustyLoader malware.
