
CISA, nation’s top cybersecurity agency, was hacked

CISA suffered a breach in two systems due to vulnerabilities in Ivanti products.

Francis Scialabba


The Cybersecurity and Infrastructure Security Agency (CISA), the federal agency responsible for the nation’s cyber defenses, was forced to take two systems offline last month following a security breach.

“US officials briefed on the matter” confirmed to CNN that two systems were compromised: one that allows officials at various levels of government to access security assessment tools, and another that stores data related to security measures at chemical facilities. The Record, which first broke news of the attack, identified those systems as the Infrastructure Protection (IP) Gateway and Chemical Security Assessment Tool (CSAT).

CISA has not shared many details about the attack. CISA spokesperson Scott McConnell told IT Brew in a statement shared with other outlets, “The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time.”

“This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience,” the statement continued.

CSAT stores sensitive data on US chemical facilities, the Record reported, including sites’ security plans and procedures as well as details on their possible vulnerabilities. McConnell indicated the breach was related to vulnerabilities in Ivanti virtual private network and network access control products. In late February, CISA warned that hackers were exploiting them without being detected by Ivanti’s built-in security measures.

“During multiple incident response engagements…CISA identified that Ivanti’s internal and previous external ICT [Integrity Checking Tool] failed to detect compromise,” the advisory stated. CISA also said independent laboratory testing had verified that Ivanti ICT did not detect the exploits and that threat actors “may be able to gain root-level persistence despite issuing factory resets.”

On January 10, CNN reported that the vulnerabilities in Ivanti products had recently been used by hackers suspected to be working for the Chinese government, and the flaws have been widely exploited by all manner of threat actors since CISA’s initial advisory on January 12.

According to CNN’s March 8 story, a source said the two affected systems relied on older technology, which CISA had plans to replace prior to the breach.
