Ivanti breach forces CISA to take systems offline

According to officials, threat actors breached Cybersecurity and Infrastructure Security Agency (CISA) systems by exploiting vulnerabilities in Ivanti products as early as February.

The suspicious activity was first identified a month ago in two systems that had been taken offline, a CISA spokesperson noted, but it is unclear who was behind the incident and whether any data was accessed or stolen.

The two systems taken offline were reportedly the Infrastructure Protection Gateway and the Chemical Security Assessment Tool (CSAT), although CISA has not confirmed this.

CISA recommends organizations review a notice issued in late February regarding three Ivanti vulnerabilities, identified as CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893. These are found in the Ivanti Connect Secure and Ivanti Policy Secure gateways.

CISA also reported that, in its case, Ivanti's Integrity Checker Tool (ICT) failed to identify any compromises during its incident response efforts. Hackers were able to steal credentials on these Ivanti devices and, in some cases, even gain access to the entire compromised domain. Several leading cybersecurity agencies urge all organizations to be wary of these gateway tools due to the risks they pose in an enterprise environment.

CISA reports that there is currently no operational impact, but that “this reminds us that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience.”


