CISA warns chemical facilities may have been hacked in CSAT breach


Chemical facilities across the US that use the Cybersecurity & Infrastructure Security Agency's (CISA) Chemical Security Assessment Tool (CSAT) could be at risk following a data breach that reportedly struck in January 2024.

The attackers may have been able to access sensitive and confidential material relating to facility security assessments after abusing an Ivanti device to plant a webshell.

CSAT is meant to help facilities keep on top of their risk assessments: a facility that has been determined to be high-risk, and therefore a potential terrorist target, uses it to submit a security vulnerability assessment (SVA) and a site security plan (SSP).

Exploited for months

As The Record first reported, CISA took two systems offline in March 2024 for investigation after an Ivanti device belonging to the agency was exploited by attackers.

CISA has now confirmed that a threat actor exploited the Ivanti Connect Secure device multiple times over two days and installed a webshell on it to maintain access. The attacker abused three vulnerabilities tracked as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893.
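The webshell is the part of this chain a responder can go looking for. The sweep below is an added example, not code from the article, from CISA, or from Ivanti (for Connect Secure itself the vendor-supported check is Ivanti's Integrity Checker Tool; this script is the generic triage a responder would run over any web-facing appliance's script directories). It flags server-side scripts that both read request-controlled input and hand data to a command or code-execution primitive, and reports each hit with its modification time so it can be lined up against the two-day exploitation window. The directory layout, file contents and indicator patterns are constructed assumptions built in a temporary directory so it runs offline.

```python
"""Heuristic webshell sweep over a directory of server-side scripts.

Added example; not CISA's, Ivanti's, or the article's code. Indicator
patterns and sample files are assumptions chosen to illustrate the shape
of a planted shell: request input + exec/eval primitive, often base64.
"""
import os
import re
import tempfile
from datetime import datetime, timezone

# Patterns that read attacker-controllable request input (assumed set).
INPUT_PATTERNS = [
    r"\$_(?:GET|POST|REQUEST|COOKIE)\b",      # PHP superglobals
    r"\bCGI->new\b|->param\(",                # Perl CGI.pm
    r"\$ENV\{['\"]QUERY_STRING['\"]\}",       # raw query string in Perl
    r"\brequest\.(?:args|form|data)\b",       # Flask-style request object
]
# Patterns that execute commands or evaluate code.
EXEC_PATTERNS = [
    r"\b(?:system|exec|passthru|shell_exec|popen|proc_open)\s*\(",
    r"\beval\s*\(",
    r"`[^`]*\$[^`]*`",                        # backtick command with variable interpolation
    r"\bsubprocess\.(?:run|Popen|call)\b",
]
# Common obfuscation wrapper: base64 payload decoded at runtime.
OBFUSCATION_PATTERNS = [r"base64_decode\s*\(", r"\bMIME::Base64\b|decode_base64\s*\("]

SCAN_EXTENSIONS = {".php", ".phtml", ".pl", ".cgi", ".py"}


def score_source(text):
    """Score one file's contents; returns (score, list of reasons)."""
    reasons = []
    has_input = any(re.search(p, text) for p in INPUT_PATTERNS)
    has_exec = any(re.search(p, text) for p in EXEC_PATTERNS)
    has_obf = any(re.search(p, text) for p in OBFUSCATION_PATTERNS)
    score = 0
    if has_input:
        score += 1
        reasons.append("reads request input")
    if has_exec:
        score += 1
        reasons.append("calls exec/eval primitive")
    if has_input and has_exec:
        # Both present in one file is the classic webshell shape; weight it.
        score += 2
        reasons.append("input and exec in the same file")
    if has_obf:
        score += 1
        reasons.append("base64 decode present")
    return score, reasons


def sweep(root, threshold=3):
    """Walk root; return [(relative_path, score, reasons, mtime_iso)] at or above threshold,
    highest score first. Threshold 3 means a file needs both input and exec to be reported."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            score, reasons = score_source(text)
            if score >= threshold:
                mtime = datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc)
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                hits.append((rel, score, reasons, mtime.isoformat()))
    return sorted(hits, key=lambda h: -h[1])


# Constructed sample tree: two benign scripts and two planted shells (assumptions).
SAMPLES = {
    "cgi-bin/status.pl": "use CGI;\nmy $q = CGI->new;\nprint $q->header;\nprint 'ok';\n",
    "cgi-bin/help.php": "<?php echo htmlspecialchars($_GET['topic'] ?? ''); ?>\n",
    "cgi-bin/.cache.pl": (
        "use CGI;\nmy $q = CGI->new;\nmy $c = $q->param('c');\n"
        "print $q->header;\nprint `$c 2>&1`;\n"
    ),
    "img/x.php": "<?php eval(base64_decode($_POST['d'])); ?>\n",
}


def build_sample_tree():
    """Write the constructed samples into a fresh temporary directory and return its path."""
    root = tempfile.mkdtemp(prefix="webroot_")
    for rel, body in SAMPLES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


def demo():
    """Build the sample tree and sweep it; only the two planted shells are returned."""
    return sweep(build_sample_tree())


if __name__ == "__main__":
    for rel, score, reasons, mtime in demo():
        print(f"{score:2d} {mtime} {rel}: {', '.join(reasons)}")
```

The scoring deliberately needs both an input source and an execution primitive in the same file before it reports anything, so an ordinary CGI script that only reads a parameter (help.php above) stays quiet while a one-line `eval(base64_decode($_POST[...]))` dropper scores highest. On a real appliance the tree would be scanned read-only from a forensic copy, and the mtimes compared against the exploitation window rather than trusted on their own, since an attacker with shell access can reset them.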

In the breach notification, CISA said, “CISA is notifying all impacted participants in the CFATS program out of an abundance of caution that this information could have been inappropriately accessed. Even without evidence of data exfiltration, the number of potential individuals and organizations whose data was potentially at risk met the threshold of a major incident under the Federal Information Security Modernization Act (FISMA).”

Using the exploited Ivanti device, the attacker may have had access to highly sensitive information such as site security plans, security vulnerability assessments, CSAT user accounts and submissions made to the personnel surety program.

Andrew Lintell, General Manager, EMEA, at Claroty said, “The chemical sector holds all the ingredients necessary for a recipe of destruction. In a time of increasing global tensions and nation-state backed attacks, the leaking of information of facilities holding dangerous chemicals could be a real issue. We’ve seen in the past where nation-states have tried to cause explosions in petrochemical plants which could have had disastrous consequences.”

“The leaking of site security plans (SSPs) could be the golden ticket for cybercriminals who want to infiltrate these facilities. As IT and OT networks converge, the potential for causing damage has grown significantly. It is vital that organisations in the chemical sector implement network segmentation to prevent lateral movement across cyber-physical systems and restrict any unnecessary connectivity,” Lintell concluded.

Via BleepingComputer


Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
