CISA confirms it was breached by attackers using Ivanti flaws, some systems taken offline

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

One of the organizations compromised through a recently-discovered flaw in Ivanti products was, ironically enough, the US government's Cybersecurity and Infrastructure Security Agency (CISA).

Confirmation of the breach came from CISA itself, as well as from an anonymous source “with knowledge of the situation”, with a CISA spokesperson telling The Record the organization “identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses”.

“The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time,” the spokesperson said. As they shared no further details, the publication spoke to an anonymous source familiar with the matter, who claimed that the systems breached, and subsequently turned off, included the Infrastructure Protection (IP) Gateway, and the Chemical Security Assessment Tool (CSAT).

Ivanti's 2024 woes

The former holds “critical information” about the interdependency of U.S. infrastructure, while the latter holds “private sector chemical security plans”. CSAT holds “some of the country’s most sensitive industrial information”, the publication further claimed, saying that includes the Top Screen tool for high-risk chemical facilities, Site Security Plans, and the Security Vulnerability Assessment. 

Unfortunately, we don’t know if this was a ransomware attack, and if the attackers actually stole any of the sensitive data allegedly stored on these endpoints. Furthermore, the identity of the attacks is also unknown, but if it was ransomware, it’s most likely either LockBit, BlackCat (ALPHV), or Cl0p. 

News of security flaws in Ivanti products first broke in early January 2024, when the company announced addressing a critical vulnerability in its Endpoint Management Software (EPM), allowing for remote code execution (RCE). In the weeks to come, Ivanti found a handful of additional flaws, which were later found to be abused en-masse, by different threat actors looking to deploy various malware and infostealers. 

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
CISA tells agencies to patch BeyondTrust bug now
Representational image depecting cybersecurity protection
Ivanti reveals major security update, so make sure you're protected
vpn
Ivanti warns another critical security flaw is being attacked
Representational image depecting cybersecurity protection
CISA says Oracle and Mitel have critical security flaws being exploited
China US flags cropped
CISA says ‘no indication’ other US government agencies affected in Treasury hack
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does