CISA confirms it was breached by attackers using Ivanti flaws, some systems taken offline

News
By published

Two major systems were breached, CISA admits

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

One of the organizations compromised through a recently-discovered flaw in Ivanti products was, ironically enough, the US government's Cybersecurity and Infrastructure Security Agency (CISA).

Confirmation of the breach came from CISA itself, as well as from an anonymous source “with knowledge of the situation”, with a CISA spokesperson telling The Record the organization “identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses”.

“The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time,” the spokesperson said. As they shared no further details, the publication spoke to an anonymous source familiar with the matter, who claimed that the systems breached, and subsequently turned off, included the Infrastructure Protection (IP) Gateway, and the Chemical Security Assessment Tool (CSAT).

Ivanti's 2024 woes

The former holds “critical information” about the interdependency of U.S. infrastructure, while the latter holds “private sector chemical security plans”. CSAT holds “some of the country’s most sensitive industrial information”, the publication further claimed, saying that includes the Top Screen tool for high-risk chemical facilities, Site Security Plans, and the Security Vulnerability Assessment. 

Unfortunately, we don’t know if this was a ransomware attack, and if the attackers actually stole any of the sensitive data allegedly stored on these endpoints. Furthermore, the identity of the attacks is also unknown, but if it was ransomware, it’s most likely either LockBit, BlackCat (ALPHV), or Cl0p. 

News of security flaws in Ivanti products first broke in early January 2024, when the company announced addressing a critical vulnerability in its Endpoint Management Software (EPM), allowing for remote code execution (RCE). In the weeks to come, Ivanti found a handful of additional flaws, which were later found to be abused en-masse, by different threat actors looking to deploy various malware and infostealers. 

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
CISA tells agencies to patch BeyondTrust bug now
Representational image depecting cybersecurity protection
Ivanti reveals major security update, so make sure you're protected
vpn
Ivanti warns another critical security flaw is being attacked
Representational image depecting cybersecurity protection
CISA says Oracle and Mitel have critical security flaws being exploited
China US flags cropped
CISA says ‘no indication’ other US government agencies affected in Treasury hack
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
A phone showing a ChatGPT app error message
ChatGPT was down for many – here's what happened
AirPods Max with USB-C in every color
Apple's AirPods Max with USB-C will get lossless audio in April, but you'll need to go wired
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
inZOI.

inZOI early access is the most disappointed I’ve been with a game in years
See more latest
Most Popular
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
A screenshot from Indiana Jones and the Great Circle showing Indiana Jones
Indiana Jones and the Great Circle finally gets PS5 release date and I can't wait to don the fedora and crack the whip
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Tuesday, March 25 (game #387)