Source: www.databreachtoday.com – Author: 1
Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime
,
Governance & Risk Management
Cybersecurity Agency Says ‘No Operational Impact’
Chris Riotta (@chrisriotta) •
March 8, 2024
The U.S. Cybersecurity and Infrastructure Security Agency apparently had a good reason to urge federal agencies to reset vulnerable Ivanti VPN devices: Hackers breached two gateways used by CISA, forcing the agency to yank them offline.
See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors
An agency official told Information Security Media Group on Friday afternoon the hacking “was limited to two systems” and added the agency “immediately took offline” the affected VPNs as it worked to mitigate any ongoing vulnerabilities.
The Record, which first reported the hack, cited a “source with knowledge of the situation” to report that the affected systems connected to the Infrastructure Protection Gateway and the Chemical Security Assessment Tool. The IP Gateway is a portal containing data such as security assessments of national significant critical infrastructure, and the CSAT houses private sector chemical security plans.
“CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses” in February, a spokesperson said. “We continue to upgrade and modernize our systems, and there is no operational impact at this time.”
The agency has warned that hackers are stealing account credentials stored inside Ivanti gateways.
CISA last month gave federal agencies a midnight, Feb. 2 deadline for performing a factory reset on Ivanti devices amid a flurry of hacking against the Utah manufacturer’s products instigated in December by Chinese nation-state hackers (see: Feds Face a Midnight Deadline for Resetting Ivanti Gateways).
Although the hacking wave may have started in Beijing, other threat actors with diverse motives including cryptomining took the January disclosure of zero-days as a reason to start their own rounds of illicit penetration. Their chances grew amid glitches with Ivanti’s integrity checker tool and the disclosure of three additional zero-days in late January and early February.
CISA on Feb. 29 warned that hackers could preserve access to a compromised device even after a factory reset – findings that Ivanti disputed by arguing that CISA’s findings don’t reproduce in production environments. “Outside of a lab environment, this action would break the connection with the box, and thus would not gain persistence,” an Ivanti spokesperson said at the time (see: Ivanti Disputes CISA Findings of Post-Factory Reset Hacking).
An agency spokesperson on Friday described its own cyberattack as “a reminder that any organization can be affected by a cyber vulnerability,” and added that “having an incident response plan in place is a necessary component of resilience.”
Original Post url: https://www.databreachtoday.com/hackers-compromised-ivanti-devices-used-by-cisa-a-24566
Category & Tags: –
