The Cybersecurity and Infrastructure Security Agency was hit by a cyberattack earlier this year after a yet-to-be-identified threat actor broke into the agency’s systems by exploiting critical vulnerabilities in Ivanti products.
“About a month ago, CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses,” a CISA spokesperson told Cybersecurity Dive Friday. Threat actors started widely exploiting a pair of zero-day vulnerabilities in Ivanti Connect Secure and other remote access VPNs in early December.
“The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time,” the spokesperson said.
CISA declined to provide additional details about the attack.
The Infrastructure Protection Gateway and Chemical Security Assessment Tool were compromised during the attack, according to The Record, which first reported the news.
Federal and international cyber authorities issued a global alert in late February warning that critical vulnerabilities in Ivanti Connect Secure and Policy Secure were still under active exploitation.
CISA ordered federal civilian executive branch agencies to disconnect Ivanti products from agency systems on Feb. 2. By Feb. 6, exploitation was widespread, hitting every exposed Ivanti Connect Secure VPN instance, Shadowserver Foundation CEO Piotr Kijewski told Cybersecurity Dive.
Ivanti released a security patch on Jan. 31 for the zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, after weeks of exploitation activity.
“Ivanti doesn’t have anything further at this time beyond its prior statement and public blog posts,” a spokesperson for Ivanti said Monday.
“This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience,” the CISA spokesperson said. “We strongly urge all organizations to review our latest Ivanti advisory and take the steps outlined in it to protect their systems.”