Ivanti Breach Prompts CISA to Take Systems Offline

According to officials, threat actors breached the Cybersecurity and Infrastructure Security Agency's (CISA) systems using Ivanti product vulnerabilities back in February.

Suspicious activity was first identified a month ago in two systems that were taken offline, a CISA spokesperson noted, but it is unclear who was behind the incident and whether any data was accessed or stolen.

The two systems taken offline were reportedly the Infrastructure Protection Gateway and the Chemical Security Assessment Tool (CSAT), though CISA has not confirmed this.

CISA recommends that organizations review an advisory it released in late February regarding three Ivanti vulnerabilities, identified as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. These are part of the Ivanti Connect Secure and Ivanti Policy Secure gateways.

In addition to this, CISA reported that in its case, the Ivanti ICT failed to detect compromise in incident response engagements. The hackers were able to steal credentials on these Ivanti devices and even access full domain compromise, in some cases. Several leading cybersecurity agencies urge all organizations to be wary of these gateway tools because of the risks that they pose in an enterprise environment.

CISA reports that there is no operational impact at this time but that "this is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience."