CISA has not confirmed which two systems it took offline or what kind of data was accessed.

Dark Reading Staff, Dark Reading

March 11, 2024

According to officials, threat actors breached the Cybersecurity and Infrastructure Security Agency's (CISA) systems using Ivanti product vulnerabilities back in February.

Suspicious activity was first identified a month ago in two systems that were taken offline, a CISA spokesperson noted, but it is unclear who was behind the incident and whether any data was accessed or stolen.

The two systems taken offline were reportedly the Infrastructure Protection Gateway and the Chemical Security Assessment Tool (CSAT), though CISA has not confirmed this.

CISA recommends that organizations review an advisory it released in late February regarding three Ivanti vulnerabilities, identified as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. These vulnerabilities affect the Ivanti Connect Secure and Ivanti Policy Secure gateways.

In addition, CISA reported that, in its case, the Ivanti Integrity Checker Tool (ICT) failed to detect compromise during incident response engagements. The hackers were able to steal credentials on these Ivanti devices and, in some cases, even achieve full domain compromise. Several leading cybersecurity agencies urge all organizations to be wary of these gateway tools because of the risks they pose in an enterprise environment.

CISA reports that there is no operational impact at this time but that "this is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience."
