US CISA Breached by Hackers

Hackers breached the systems run by the US Cybersecurity and Infrastructure Security Agency (CISA) and these were hacked in February by hackers using bugs in Ivanti products.

And the CISA has now confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the US cyber security agency.

Ivanti appliances have been under sustained attack this year from multiple threat groups, including at least one cyber group from China.  
 
Since January, the vendor has issued patches for 5 problems affecting its Connect Secure, Policy Secure, and Neurons for Zero Trust Access products.

The day before CISA confirmed two of its systems were breached, Check Point researchers identified a new threat group, called Magnet Goblin, as the latest cyber gang observed abusing the bugs to attack Connect Secure appliances.

“About a month ago CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses," a CISA spokesperson said in a statement supplied to media over the weekend.

“The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernise our systems, and there is no operational impact at this time.”

The breach was first reported by The Record, a news site by cyber security firm Recorded Future. Citing a source with knowledge of the situation, The Record said the CISA systems that hackers breached were the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT).

The IP Gateway was officially renamed the CISA Gateway in 2020 and is a web portal used to collect, analyze, and disseminate government information about critical infrastructure. Similarly, CSAT is a portal for information about chemical facilities.

CISA declined to confirm or deny whether the two portals were the systems taken offline as a result of the breach.

“This is a reminder that any organisation can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience,” the agency’s spokesperson said.

CISA said organisations should review an Advisory Notice it issued with several partner agencies on Feb. 29 regarding the Ivanti vulnerabilities.

The advisory said that organisations might not detect breaches because threat actors were able to deceive Ivanti’s internal and external Integrity Checker Tool (ICT).

As a result, CISA and its partner agencies said they “strongly urge all organizations to consider the significant risk of adversary access to, and persistence on, Ivanti Connect Secure and Ivanti Policy Secure gateways when determining whether to continue operating these devices in an enterprise environment."

Meanwhile, Check Point researchers said their tracking of “the recent wave of Ivanti exploitation” resulted in the discovery of a threat actor they called Magnet Goblin, a financially motivated gang adept at leveraging 1-day vulnerabilities, bugs that have been disclosed but not yet patched.

Two earlier vulnerabilities prompted CISA to order all federal civilian agencies in the US to disconnect Ivanti Connect Secure and Policy Secure products by February 2. CISA later updated its advisory on February 9 to say that products could be turned back on after they were patched.

SC Magazine     |     The Record     |     CISA     |     Ivanti     |     Techtarget     |     Techradar

__________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« 2024 & Beyond: Top Six Cloud Security Trends:
French Government Suffers Severe Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cybsecurity Foundation (CSF)

Cybsecurity Foundation (CSF)

Cybsecurity is a non-profit NGO, which aims to work on improvement of security levels in the Polish cyberspace.

Quotium

Quotium

Quotium provides automated testing technologies to make business software applications secure and robust.

RKH Specialty

RKH Specialty

RKH Specialty, part of the Hyperion Insurance Group, is a provider of specialty insurance services including Cyber Risk cover.

Galois

Galois

Galois specializes in the research and development of new technologies that solve the most difficult problems in computer science.

BetterCloud

BetterCloud

BetterCloud puts IT in control of the modern workplace through user lifecycle management, data discovery, and IT and security automation purpose-built for SaaS.

Blue Lights Digital

Blue Lights Digital

Blue Lights Digital have developed a range of platforms to support digital investigations, as well as providing continued support and education for investigations professionals.

Paygilant

Paygilant

Paygilant’s disruptive technology is designed to protect mobile payment  financial transactions against fraudulent attacks, whether executed by NFC, QR code, P2P or in-app.

PECB

PECB

PECB is a certification body for persons, management systems, and products on a wide range of international standards in a range of areas including Information Security and Risk Management.

TI Safe

TI Safe

TI Safe provide cybersecurity solutions for industrial networks of main critical infrastructures in Latin America.

IPQualityScore (IPQS)

IPQualityScore (IPQS)

IPQS anti-fraud tools provide a real-time fraud score to analyze how likely a user or visitor is to engage in fraudulent behavior.

Checksum Consultancy

Checksum Consultancy

Checksum Consultancy specializes in Information security, Risk management, and IT governance.

Zen360Consult

Zen360Consult

Zen360Consult provides Advisory and Training services in the field of Cyber Resilience, which includes Cyber Security /ISMS and Business Continuity.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

Cyber Capital Partners

Cyber Capital Partners

Cyber Capital Partners build strategic and financial partnerships with small and mid-sized cybersecurity companies in highly regulated markets.

OneStep Group

OneStep Group

OneStep Group are a leading Australian provider of information and communications technology (ICT) services, connecting businesses through technology solutions and support.

Staley Technologies

Staley Technologies

Staley Technologies is a US nationwide structured cabling, technology integrator, and Managed IT & Cyber Security provider.