US CISA Breached by Hackers

Uploaded on 2024-03-14 in FREE TO VIEW, TECHNOLOGY--Hackers

Hackers breached the systems run by the US Cybersecurity and Infrastructure Security Agency (CISA) and these were hacked in February by hackers using bugs in Ivanti products.

And the CISA has now confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the US cyber security agency.

Ivanti appliances have been under sustained attack this year from multiple threat groups, including at least one cyber group from China.  
 
Since January, the vendor has issued patches for 5 problems affecting its Connect Secure, Policy Secure, and Neurons for Zero Trust Access products.

The day before CISA confirmed two of its systems were breached, Check Point researchers identified a new threat group, called Magnet Goblin, as the latest cyber gang observed abusing the bugs to attack Connect Secure appliances.

“About a month ago CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses," a CISA spokesperson said in a statement supplied to media over the weekend.

“The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernise our systems, and there is no operational impact at this time.”

The breach was first reported by The Record, a news site by cyber security firm Recorded Future. Citing a source with knowledge of the situation, The Record said the CISA systems that hackers breached were the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT).

The IP Gateway was officially renamed the CISA Gateway in 2020 and is a web portal used to collect, analyze, and disseminate government information about critical infrastructure. Similarly, CSAT is a portal for information about chemical facilities.

CISA declined to confirm or deny whether the two portals were the systems taken offline as a result of the breach.

“This is a reminder that any organisation can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience,” the agency’s spokesperson said.

CISA said organisations should review an Advisory Notice it issued with several partner agencies on Feb. 29 regarding the Ivanti vulnerabilities.

The advisory said that organisations might not detect breaches because threat actors were able to deceive Ivanti’s internal and external Integrity Checker Tool (ICT).

As a result, CISA and its partner agencies said they “strongly urge all organizations to consider the significant risk of adversary access to, and persistence on, Ivanti Connect Secure and Ivanti Policy Secure gateways when determining whether to continue operating these devices in an enterprise environment."

Meanwhile, Check Point researchers said their tracking of “the recent wave of Ivanti exploitation” resulted in the discovery of a threat actor they called Magnet Goblin, a financially motivated gang adept at leveraging 1-day vulnerabilities, bugs that have been disclosed but not yet patched.

Two earlier vulnerabilities prompted CISA to order all federal civilian agencies in the US to disconnect Ivanti Connect Secure and Policy Secure products by February 2. CISA later updated its advisory on February 9 to say that products could be turned back on after they were patched.

SC Magazine     |     The Record     |     CISA     |     Ivanti     |     Techtarget     |     Techradar

__________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« 2024 & Beyond: Top Six Cloud Security Trends:
French Government Suffers Severe Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Firebrand

Firebrand

Firebrand is the leader in Accelerated Learning in the field of IT and project management.

Morphisec

Morphisec

Morphisec's world leading prevention-first software stops ransomware and other advanced attacks from endpoint to the cloud.

VerifyMe

VerifyMe

VerifyMe is a global technology solutions company delivering brand protection offerings to mitigate counterfeiting, product diversion, and illicit trade.

Neoteric Networks

Neoteric Networks

We deliver a no nonsense procedure to implementing technology. The technology selection process ensures that all customers enjoy an engineered methodology implementing technology.

Sentropi

Sentropi

Sentropi is an online protection solution against charge backs, account takeovers, identity thefts and online scams.

Haventec

Haventec

Haventec’s internationally patented technologies reduce cyber risk and enable pervasive trust services with a decentralised approach to authentication.

Securden

Securden

Securden provide an all-in-one Platform for Next-Gen Privileged Access Governance, helping you to prevent identity thefts, malware propagation, cyber attacks, and insider exploitation.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

Two Six Technologies

Two Six Technologies

Two Six Technologies delivers R&D, innovation, productization and implementation expertise in cyber, data science, mobile, microelectronics and information operations.

UK Cyber Security Council (UKCSC)

UK Cyber Security Council (UKCSC)

The role of The UK Cyber Security Council is to champion the cybersecurity profession across the UK, provide representation for the industry, accelerate awareness and promote excellence.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

DigitalWell

DigitalWell

DigitalWell provide fully managed IT and communications solutions for a truly innovative end-to-end experience - for your customers and teams.

Deloitte

Deloitte

Deloitte is a multinational professional services firm providing audit, consulting, financial advisory, risk management, tax, and related services to clients.

Endure Secure

Endure Secure

Endure Secure is a managed cyber security & information security consultancy. Our passion for IS and our understanding of the threat landscape is reflected in the services that we provide.

Secolve

Secolve

Secolve is Australia’s next generation OT specialist cyber security firm, working with key industries to protect the nation’s critical infrastructure.

CrashPlan

CrashPlan

CrashPlan provides peace of mind through secure, scalable, and straightforward endpoint data backup.