The Cybersecurity and Infrastructure Security Agency (CISA) announced in February that two systems were hacked using vulnerabilities in Ivanti products. In response, the agency had to shut down both systems, which reportedly had critical connections to U.S. infrastructure.
A CISA spokesperson acknowledged the breach in a statement. The agency said the hackers gained access by exploiting vulnerabilities in internal Ivanti tools. According to its website, the Utah-based company provides IT security and systems management software to about 40,000 customers around the world, from large organizations to government agencies.
“The impact was limited to two systems, which were immediately taken offline,” CISA said. “We continue to upgrade and modernize our systems and there are no operational impacts at this time.” The agency did not say whether data was accessed or stolen.
The Record, which first reported the incident, cited sources familiar with the situation as saying the hackers had compromised two systems: the Infrastructure Protection (IP) Gateway, which stores critical data and tools used to assess critical infrastructure in the United States, and the Chemical Security Assessment Tool (CSAT). The latter contains some of the United States' most sensitive industrial information, including which chemical facilities are designated as high risk, site security plans, and security vulnerability assessments.
However, it is important to note that CISA has not yet confirmed or denied whether these specific systems were taken offline.
It is not immediately clear who is behind this attack, but it is known to have been carried out through a recent vulnerability affecting the Ivanti Connect Secure VPN and Ivanti Policy Secure products, discovered by none other than CISA.
Ironically, the agency had previously warned about vulnerabilities in Ivanti software. On February 1st, it ordered all US government agencies to disconnect Ivanti Connect Secure and Ivanti Policy Secure. Just a few weeks later, it formally alerted organizations that threat actors were exploiting multiple Ivanti vulnerabilities: CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893.
A CISA spokesperson told The Record that the hack did not impact CISA operations.
“This is a reminder that any organization can be affected by cyber vulnerabilities, and having an incident response plan in place is a necessary element of resilience,” CISA added.