US CISA Systems Breached: Cybersecurity Measures Under Review

March 9, 2024

In an unsettling development, two vital systems of the US Cybersecurity and Infrastructure Security Agency (CISA) were compromised earlier this year. The breach, which occurred in February, was first disclosed by Recorded Future News. As a result of the incident, the agency was compelled to shut down two of its key systems, according to a spokesperson for CISA and US officials privy to the situation, as reported by CNN.

One of the breached systems plays a pivotal role in enabling the exchange of cyber and physical security assessment tools among federal, state, and local officials. The other system contained data pertaining to the security assessment of chemical facilities. The compromised systems, as reported by Recorded Future News citing an informed source, were the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT). The CSAT harbors sensitive industrial data, including the Top Screen tool for high-risk chemical facilities, Site Security Plans, and the Security Vulnerability Assessments.

A representative from CISA, while speaking to Recorded Future News, revealed that the initial probe conducted by government experts pointed towards the exploitation of vulnerabilities in Ivanti products used by the agency. The spokesperson was quoted saying, “The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time,” further adding, “This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience.”

Interestingly, CISA had earlier issued warnings to US organizations about attacks exploiting vulnerabilities in Ivanti software. On February 1st, CISA directed federal agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. This marked the first such directive since its inception. Towards the end of February, CISA once again alerted organizations that threat actors were exploiting multiple vulnerabilities (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893) in Ivanti Connect Secure and Policy Secure Gateways. However, the agency refrained from sharing specifics about the attack or attributing it to a particular threat actor. A CISA spokesperson, in conversation with CNN, assured that the security breach did not disrupt the agency's operations.

Related News

• Five Eyes Intelligence Alliance Issues Warning on Ivanti Gateway Vulnerabilities
• CISA Warns of Persistent Threats on Hacked Ivanti VPN Appliances Even After Factory Resets
• Chinese Cyber Espionage Clusters Exploit Ivanti VPN Vulnerabilities to Deploy New Malware
• Critical Security Flaws Leave Over 13,000 Ivanti Gateways at Risk
• Ivanti SSRF Flaw Exploited by Hackers to Deploy New DSLog Backdoor

Latest News

• Critical Vulnerability in Fortinet Systems Could Affect 150,000 Devices
• QNAP Alerts Users about Critical Authentication Bypass Vulnerability in NAS Devices
• Stealthy Exploits Target Atlassian Confluence: In-Memory Web Shells Deployed
• CISA Highlights Active Exploitation of JetBrains TeamCity Software Vulnerability
• Cisco Addresses High-Severity Vulnerabilities in its VPN Product