Security Bite: Hackers Hacked CISA, Forced Agency to Shut Down Some Systems

CISA reports that two systems were compromised in February through vulnerabilities in Ivanti products. In response, the agency had to shut down both systems, which reportedly had a critical connection to US infrastructure.

9to5Mac Security Bite is provided exclusively by Mosyle, Apple's only unified platform.

What is CISA?

The Cybersecurity and Infrastructure Security Agency (CISA) is the government agency responsible for improving the general state of cybersecurity in the USA. It was created within the Department of Homeland Security (DHS) in November 2018, primarily in response to growing concerns about cyber threats and the protection of critical infrastructure.

Two CISA systems compromised

A CISA spokesperson confirmed the breach in a statement, saying the hackers gained access by exploiting vulnerabilities in Ivanti's internal tools. The Utah-based company provides IT security and systems management software to approximately 40,000 customers, from large organizations to government agencies around the world, according to its website.

“The impact was limited to two systems that we immediately disconnected from the network,” CISA said. “We continue to update and upgrade our systems and there are no operational impacts at this time.” The agency did not specify whether the data was accessed or stolen.

The Record, which first reported the incident, citing a source familiar with the matter, said the hackers breached two systems that were part of the Infrastructure Protection (IP) Gateway, which stores critical data and tools used to assess critical US infrastructure, and the Chemical Safety Assessment Tool (CSAT). The latter contains some of the United States' most sensitive industry information, including which chemical facilities are identified as high risk, facility security plans, and security vulnerability assessments.

It is important to note, however, that CISA has not yet confirmed or denied whether these specific systems were taken offline.

While it is not immediately clear who is behind the attack, we know it was due to recent vulnerabilities affecting the Ivanti Connect Secure VPN and Ivanti Policy Secure products, discovered by none other than CISA.

Ironically, the agency had previously warned about vulnerabilities in Ivanti software. On February 1, it ordered all US government agencies to disable Ivanti Connect Secure and Ivanti Policy Secure. Just a few weeks later, it notified organizations that attackers were exploiting multiple Ivanti vulnerabilities: CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893.

A CISA spokesperson told The Record that the hack did not impact the agency's operations.

“This is a reminder that any organization can be affected by a cyber vulnerability, and having an incident response plan is a necessary component of resilience,” CISA adds.

Follow Arin: Twitter/X, Threads, LinkedIn
