March 11, 2024 at 05:40PM
CISA officials reported a breach by threat actors who exploited Ivanti product vulnerabilities in February. Suspicious activity was discovered in two systems, the Infrastructure Protection Gateway and the Chemical Security Assessment Tool, prompting CISA to recommend reviewing its advisory on three Ivanti vulnerabilities. The incident also exposed the failure of the Ivanti ICT to detect compromise.
The Cybersecurity and Infrastructure Security Agency (CISA) has reported a cybersecurity breach of its own systems involving Ivanti product vulnerabilities. The breach occurred in February, and suspicious activity was first identified a month ago in two systems, namely the Infrastructure Protection Gateway and the Chemical Security Assessment Tool (CSAT), which were subsequently taken offline. CISA has recommended that organizations review an advisory released in late February regarding three Ivanti vulnerabilities: CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, which affect the Ivanti Connect Secure and Ivanti Policy Secure gateways.
It was also reported that the Ivanti ICT failed to detect compromise in incident response engagements, allowing hackers to steal credentials and potentially achieve full domain compromise. As a result, leading cybersecurity agencies have urged all organizations to exercise caution regarding these gateway tools due to the risks they pose in an enterprise environment.
Despite the breach, CISA has stated that there is currently no operational impact, and it emphasizes the importance of having an incident response plan in place as a necessary component of resilience against cyber vulnerabilities.