According to officials, threat actors exploited vulnerabilities in Ivanti products to breach the systems of the Cybersecurity and Infrastructure Security Agency (CISA) in February. The breach, detected a month ago, impacted two systems—Infrastructure Protection Gateway and the Chemical Security Assessment Tool (CSAT)—which were subsequently taken offline. However, it remains unclear whether any data was accessed or stolen, and the perpetrators behind the incident are unknown.
CISA advises organizations to review its late February advisory concerning three Ivanti vulnerabilities (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893) associated with Ivanti Connect Secure and Ivanti Policy Secure gateways. Additionally, CISA noted instances where Ivanti ICT failed to detect compromise during incident response engagements, allowing hackers to obtain credentials and achieve full domain compromise in some cases.
While CISA reports no operational impact presently, it underscores the importance of having an incident response plan to enhance organizational resilience against cyber vulnerabilities. This incident serves as a reminder to all organizations about the critical need for proactive cybersecurity measures in today’s digital landscape.