The US Cybersecurity and Infrastructure Security Agency (CISA) has warned the public about potentially harmful vulnerabilities in Ivanti software products. It even directed US federal entities to shutdown their VPN instances in an emergency. It turns out that CISA itself was hacked, forcing two systems to shut down.

Stanford University attack exposes data of 27,000 individuals.

CISA learned it had been hacked last month and was forced to take two critical computer systems down, according to CNN. One system was in charge of distributing cyber and physical security assessment tools across federal, state, and local authorities. The other contains security assessment information for chemical plants.

The attack had no effect on CISA operations, and two older systems were scheduled for replacement.

According to a study from Recorded Future News, malicious actors exploited vulnerabilities in Ivanti products. Ivanti is a Utah-based software firm that offers IT management and security solutions, including virtual private networking.

For many weeks, CISA has urged an upgrade to the Ivanti software, which was riddled with high and critical severity vulnerabilities.

Malware Campaign Infects 3,900+ Websites Using Popup

On January 10th, Ivanti reported two additional vulnerabilities in its Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways. Two further vulnerabilities were released on January 31st, and the fifth was revealed on February 8th. Unit 42 claimed that attackers might use the vulnerabilities to launch remote code on vulnerable computers without authentication.

Following the revelations, CISA directed US government agencies to “disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks as soon as possible and by 11:59 PM on Friday, February 2nd, 2024.”

It is unclear who was behind the CISA breach. According to private experts who talked with CNN, Chinese entities were seen abusing known weaknesses.

source