US CISA Breached by Hackers

Systems run by the US Cybersecurity and Infrastructure Security Agency (CISA) were breached in February by hackers exploiting bugs in Ivanti products.

CISA has now confirmed that two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the US cyber security agency.

Ivanti appliances have been under sustained attack this year from multiple threat groups, including at least one cyber group from China.

Since January, the vendor has issued patches for five problems affecting its Connect Secure, Policy Secure, and Neurons for Zero Trust Access products.

The day before CISA confirmed two of its systems were breached, Check Point researchers identified a new threat group, called Magnet Goblin, as the latest cyber gang observed abusing the bugs to attack Connect Secure appliances.

“About a month ago CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses,” a CISA spokesperson said in a statement supplied to media over the weekend.

“The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernise our systems, and there is no operational impact at this time.”

The breach was first reported by The Record, a news site run by cyber security firm Recorded Future. Citing a source with knowledge of the situation, The Record said the CISA systems that hackers breached were the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT).

The IP Gateway was officially renamed the CISA Gateway in 2020 and is a web portal used to collect, analyze, and disseminate government information about critical infrastructure. Similarly, CSAT is a portal for information about chemical facilities.

CISA declined to confirm or deny whether the two portals were the systems taken offline as a result of the breach.

“This is a reminder that any organisation can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience,” the agency’s spokesperson said.

CISA said organisations should review an Advisory Notice it issued with several partner agencies on Feb. 29 regarding the Ivanti vulnerabilities.

The advisory said that organisations might not detect breaches because threat actors were able to deceive Ivanti’s internal and external Integrity Checker Tool (ICT).

As a result, CISA and its partner agencies said they “strongly urge all organizations to consider the significant risk of adversary access to, and persistence on, Ivanti Connect Secure and Ivanti Policy Secure gateways when determining whether to continue operating these devices in an enterprise environment.”

Meanwhile, Check Point researchers said their tracking of “the recent wave of Ivanti exploitation” resulted in the discovery of a threat actor they called Magnet Goblin, a financially motivated gang adept at leveraging 1-day vulnerabilities, bugs that have been disclosed but not yet patched.

Two earlier vulnerabilities prompted CISA to order all federal civilian agencies in the US to disconnect Ivanti Connect Secure and Policy Secure products by February 2. CISA later updated its advisory on February 9 to say that products could be turned back on after they were patched.

SC Magazine | The Record | CISA | Ivanti | Techtarget | Techradar
