US cybersecurity agency takes systems offline after Ivanti compromise

In a recent cybersecurity breach, the US Cybersecurity and Infrastructure Security Agency (CISA) fell victim to hackers who exploited vulnerabilities in Ivanti products. CISA officials confirmed the breach, stating that the agency detected suspicious activity indicating the exploitation of Ivanti product vulnerabilities approximately a month ago.

The breach impacted two critical systems within CISA's infrastructure, prompting immediate action to take them offline, Recorded Future News reported.

The compromised systems reportedly include the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT), although CISA has neither confirmed nor denied these reports. The CSAT, in particular, houses sensitive industrial information critical to national security, including data on high-risk chemical facilities and security assessments.

According to a CISA spokesperson, there has been no operational impact reported thus far. The agency declined to provide specific details regarding the perpetrators of the breach, potential data breaches, or the exact systems taken offline.

While CISA remains tight-lipped on the extent of the breach, it urges organizations to heed its advisory issued on February 29, warning of ongoing exploitation of Ivanti product vulnerabilities (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893).

CISA and other authorities strongly advise organizations to reassess the risks associated with operating Ivanti Connect Secure and Ivanti Policy Secure gateways in enterprise environments.

Cybersecurity firm Check Point warned in its recent report that a financially motivated threat actor called “Magnet Goblin” is exploiting one-day vulnerabilities in public-facing servers to deploy Linux backdoors and credential stealers. Additionally, multiple threat actors were observed targeting the Ivanti flaws, including the Chinese state-sponsored threat actor UNC5221/UTA0178, as well as attacks delivering the Rust-based KrustyLoader malware.
