Multiple US agencies could have been hacked due to Ivanti flaws

hacker targeting a PC
(Image credit: Shutterstock)

Security flaws in Ivanti's VPN products could have allowed cybercriminals to breach at least five federal agencies according to an investigation carried out by the US Department of Homeland Security (DHS).

DHS' Cybersecurity and Infrastructure Security Agency (CISA) has been working alongside organizations that have been targeted by hackers exploiting vulnerabilities in Ivanti's Pulse Connect Secure VPN products. The IT software company only recently began offering VPN services to its customers when it acquired Pulse Secure back in September of last year.

In addition to working alongside affected organizations, CISA has also begun requiring federal civilian agencies to run Pulse Secure Connect's Security Integrity Tool, which was developed by Ivanti's Product Security Incident Response Team, to ensure the integrity of their software.

Deputy executive assistant director at CISA, Matt Harman provided further details on how the agency is working with organizations to verify the integrity of their VPN software in a statement to Bloomberg, saying:

“CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorized access. We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly.”  

Targeting federal agencies

While Harman did not name any of the US federal agencies that have been targeted outright, the cybersecurity firm FireEye recently attributed the cyberattacks to hackers believed to be based in China.

According to the company's SVP and CTO Charles Carmakal, the hackers in question used a vulnerability in Pulse Connect Secure to hack into dozens of organizations in order to carry out espionage. Although CISA has not formally attributed these attacks to Chinese-based hackers, the US did recently confirm suspicions that Russia was behind last year's Solar Winds hack.

So far organizations in the financial services, government and defense contracting industries have been targeted through security flaws in Pulse Connect Secure. However, Carmakal and FireEye's security researchers have also observed organizations in the transportation, energy, professional services and telecommunications sectors that were also targeted.

To Ivanti's credit, the company has been working closely with both CISA and cybersecurity experts to investigate and respond to “malicious activity” which was identified on a “very limited number of customers systems”.

Via Bloomberg

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.