US CISA Breached by Hackers

Uploaded on 2024-03-14 in FREE TO VIEW, TECHNOLOGY--Hackers

Hackers breached the systems run by the US Cybersecurity and Infrastructure Security Agency (CISA) and these were hacked in February by hackers using bugs in Ivanti products.

And the CISA has now confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the US cyber security agency.

Ivanti appliances have been under sustained attack this year from multiple threat groups, including at least one cyber group from China.  
 
Since January, the vendor has issued patches for 5 problems affecting its Connect Secure, Policy Secure, and Neurons for Zero Trust Access products.

The day before CISA confirmed two of its systems were breached, Check Point researchers identified a new threat group, called Magnet Goblin, as the latest cyber gang observed abusing the bugs to attack Connect Secure appliances.

“About a month ago CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses," a CISA spokesperson said in a statement supplied to media over the weekend.

“The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernise our systems, and there is no operational impact at this time.”

The breach was first reported by The Record, a news site by cyber security firm Recorded Future. Citing a source with knowledge of the situation, The Record said the CISA systems that hackers breached were the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT).

The IP Gateway was officially renamed the CISA Gateway in 2020 and is a web portal used to collect, analyze, and disseminate government information about critical infrastructure. Similarly, CSAT is a portal for information about chemical facilities.

CISA declined to confirm or deny whether the two portals were the systems taken offline as a result of the breach.

“This is a reminder that any organisation can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience,” the agency’s spokesperson said.

CISA said organisations should review an Advisory Notice it issued with several partner agencies on Feb. 29 regarding the Ivanti vulnerabilities.

The advisory said that organisations might not detect breaches because threat actors were able to deceive Ivanti’s internal and external Integrity Checker Tool (ICT).

As a result, CISA and its partner agencies said they “strongly urge all organizations to consider the significant risk of adversary access to, and persistence on, Ivanti Connect Secure and Ivanti Policy Secure gateways when determining whether to continue operating these devices in an enterprise environment."

Meanwhile, Check Point researchers said their tracking of “the recent wave of Ivanti exploitation” resulted in the discovery of a threat actor they called Magnet Goblin, a financially motivated gang adept at leveraging 1-day vulnerabilities, bugs that have been disclosed but not yet patched.

Two earlier vulnerabilities prompted CISA to order all federal civilian agencies in the US to disconnect Ivanti Connect Secure and Policy Secure products by February 2. CISA later updated its advisory on February 9 to say that products could be turned back on after they were patched.

SC Magazine     |     The Record     |     CISA     |     Ivanti     |     Techtarget     |     Techradar

__________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« 2024 & Beyond: Top Six Cloud Security Trends:
French Government Suffers Severe Cyber Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

OCERT

OCERT

OCERT is the National Computer Emergency Response Team of Oman.

Kenna Security

Kenna Security

Kenna Security is a risk intelligence & vulnerability management platform that helps prioritize and remediate vulnerabilities.

LEXFO

LEXFO

LEXFO specializes in the security of information systems, assisting clients in protecting information assets using an offensive and innovative approach.

Cybersecurity Collaborative

Cybersecurity Collaborative

CyberSecurity Collaborative is a forum for CISOs to share information that will collectively make us stronger, and better equipped to protect our enterprises from those seeking to damage them.

Ecubel

Ecubel

Ecubel is the market leader in Belgium in buying and selling used IT harware guaranteed by a certified data erasure.

World Informatix Cyber Security (WICS)

World Informatix Cyber Security (WICS)

World Informatix Cyber Security provides a range of cyber security services to protect valuable information assets to global business and governments.

Precursor Security

Precursor Security

Precursor Security are information security specialist, delivering all aspects of Security testing, Cyber Risk Management, and Continuous Security Testing.

R-Tech

R-Tech

R-Tech GmbH manages the digital start-up initiative, whose goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

Aegis Security

Aegis Security

Aegis Security helps clients to secure their systems against potential threats through pre-emptive measures, such as security assessments, and cutting-edge solutions to security challenges.

Fullstack Academy

Fullstack Academy

A trailblazer in bootcamp education, Fullstack Academy prepares students for fulfilling careers in tech through our NYC campus, online learning, and university partnerships.

Occentus Network

Occentus Network

Occentus Network is a telecommunications service provider specialized in High Availability Servers & managed Cloud services.

FTI Consulting

FTI Consulting

FTI Consulting is a global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.

Mogwai Labs

Mogwai Labs

Mogwai Labs deliver cutting-edge penetration tests, security assessments and trainings, to safeguard your applications, networks and cloud environments from cyber threats.

Disecto Technologies

Disecto Technologies

At Disecto, we provide SaaS based Data Discovery, Classification and a remediation solution for data privacy compliance.

Texaport

Texaport

Texaport's vision is to be the trusted partner of choice for organisations seeking comprehensive IT management and cutting-edge security solutions.