Threat actors have deployed attacks leveraging Ivanti product vulnerabilities to infiltrate two Cybersecurity and Infrastructure Security Agency systems last month, which were immediately taken down, reports The Record, a news site by cybersecurity firm Recorded Future.
While no further details were provided regarding the attackers' identity, the impacted systems, or the possibility of data compromise, CISA said that its operations were not affected by the intrusion and that system modernization efforts are underway. However, CISA was noted by a source close to the matter to have had its Infrastructure Protection Gateway and Chemical Security Assessment Tool compromised as a result of the attacks. Such a disclosure from CISA comes days after the agency warned about the ongoing exploitation of Ivanti Connect Secure and Ivanti Policy Secure flaws, tracked as CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893. Organizations were also advised by the CISA and other cybersecurity agencies around the world regarding hackers' circumvention of an Ivanti security tool that allowed verification of compromise.
