The Cybersecurity and Infrastructure Security Agency (CISA) says two systems were hacked in February through vulnerabilities in Ivanti products. In response, the agency had to shut down both systems, which reportedly had critical ties to U.S. infrastructure.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
A CISA spokesperson confirmed the breach in a statement. The agency stated that hackers gained access by exploiting vulnerabilities in internal Ivanti tools. The Utah-based firm provides IT security and systems management software to some 40,000 customers, from large organizations to government agencies worldwide, per its website.
“The impact was limited to two systems, which we immediately took offline,” CISA stated. We continue to upgrade and modernize our systems, and there is no operational impact at this time.” The agency didn’t specify whether data had been accessed or stolen.
The Record, which first reported on the incident, cited a source with knowledge of the situation as saying the hackers compromised two systems that were part of the Infrastructure Protection (IP) Gateway, which houses critical data and tools used to assess critical U.S. infrastructure, and the Chemical Security Assessment Tool (CSAT). The latter houses some of the United States’ most sensitive industrial information, including which chemical facilities are designated high-risk, Site Security Plans, and Security Vulnerability Assessments.
However, it’s important to note that CISA has not yet confirmed or denied whether these specific systems were taken offline.
While it’s not immediately clear who’s behind the attack, we do know it happened through the recent vulnerabilities affecting Ivanti Connect Secure VPN and Ivanti Policy Secure products, discovered by none other than CISA.
Ironically, the agency previously warned about vulnerabilities in Ivanti software. On February 1, it ordered all U.S. government agencies to disconnect Ivanti Connect Secure and Ivanti Policy Secure. Just weeks later, it officially alerted the organizations that threat actors were exploiting multiple Ivanti vulnerabilities CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893.
A CISA spokesperson told The Record that the hack did not impact operations at the agency.
“This is a reminder that any organization can be affected by a cyber vulnerability, and having an incident response plan in place is a necessary component of resilience,” CISA adds.
Follow Arin: Twitter/X, Threads, LinkedIn
FTC: We use income earning auto affiliate links. More.