Government Cybersecurity Agency Suffers Data Breach

The Cybersecurity and Infrastructure Security Agency (CISA), which is responsible for cybersecurity and infrastructure protection for all levels of government, and for coordination of federal government cybersecurity with the states, has been breached. The attack occurred in February.

According to The Record, the hackers exploited vulnerabilities in Ivanti products the agency uses. 

A CISA spokesperson said the impact was limited to two systems that were immediately taken offline. The spokesperson claimed there was no operational impact, but refused to answer questions about the identity of the attacker, what systems were offline, and whether data was stolen.

Ivanti’s mobile endpoint management software is used by governments everywhere. Its vulnerabilities have allowed hackers to remotely access information including names, phone numbers, and other mobile device details. Attackers can make configuration changes as well, said CISA in a 2023 security alert.

On March 1 cybersecurity agencies alerted users that hackers had discovered a workaround for an Ivanti tool to help organizations check if they had been compromised. According to CISA, during incident response engagements it discovered that Ivanti’s internal and previous external ICT failed to detect compromises.

Using independent research in a lab environment, the agency confirmed that the tool, Ivanti ICT, “is not sufficient to detect compromise and that a cyber threat actor may be able to gain root-level persistence despite issuing factory resets.”

CISA, security companies Mandiant and Volexity, and Ivanti itself warned about two vulnerabilities in early January that were allegedly being exploited by Chinese state-backed hackers. Other cybercriminal gangs attempted to exploit them after the warning.