June 24, 2024 at 04:58PM
CISA’s Chemical Security Assessment Tool (CSAT) suffered a breach in January when hackers deployed a webshell on its Ivanti device, potentially exposing sensitive security assessments and plans. CISA confirmed the breach, stating that while no evidence of data theft was found, they are notifying potentially impacted individuals and organizations out of an abundance of caution.
Based on the meeting notes, the key takeaways are:
– CISA’s Chemical Security Assessment Tool (CSAT) environment was breached in January after hackers deployed a webshell on its Ivanti device, potentially exposing sensitive security assessments and plans.
– The breach involved the CSAT Ivanti Connect Secure appliance being compromised on January 23, 2024, allowing a threat actor to upload a web shell to the device and access it multiple times over two days.
– While CISA says all of the data in the CSAT application is encrypted with AES 256 encryption and there is no evidence that CSAT data was stolen, they decided to notify companies and individuals in an abundance of caution.
– The potentially exposed data includes Top-Screen surveys, Security Vulnerability Assessments, Site Security Plans, Personnel Surety Program submissions, and CSAT user accounts. This includes highly sensitive information such as place of birth, citizenship, passport number, and other personal details.
– CISA is recommending that all CSAT account holders reset their passwords for any accounts that used the same password and is sending out different notification letters depending on whether the recipient is an individual or organization.