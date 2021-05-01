



At least five U.S. federal agencies may have suffered cyber attacks that targeted recently discovered security flaws that let hackers run wild on vulnerable networks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said on Friday.

The vulnerabilities in Pulse Connect Secure, a VPN that employees use to connect to large networks remotely, include one that hackers were actively exploiting before it was known to Ivanti, the product’s maker. The flaw, revealed by Ivanti last week, has a severity rating of 10 out of a possible 10. network on which it is installed.

Federal agencies, critical infrastructure and more

Security firm FireEye said in a report released the same day as Ivanti’s disclosure that China-linked hackers spent months exploiting the critical vulnerability to spy on US defense contractors and global financial institutions. Ivanti has confirmed in a separate article that the zero-day vulnerability, tracked as CVE-2021-22893, is under active exploitation.

In March, following the disclosure of several other vulnerabilities that have now been patched, Ivanti released the Pulse Connect Secure Integrity Tool, which streamlines the process of checking whether vulnerable Pulse Secure devices have been compromised. Following the disclosure in recent weeks that CVE-2021-22893 is being actively exploited, CISA has asked all federal agencies to run the tool.

“CISA is aware of at least five federal civilian agencies that have run the Pulse Connect Secure Integrity tool and identified indications of potential unauthorized access,” wrote Matt Hartman, CISA deputy executive assistant director, in a statement sent by email. “We work with each agency to validate if an intrusion has occurred and will offer incident assistance accordingly.”

CISA said it was aware of compromises of federal agencies, critical infrastructure entities and private sector organizations dating back to June 2020.

They keep coming

The targeting of the five agencies is the latest in a series of large-scale cyber attacks to hit sensitive government and business organizations in recent months. In December, researchers discovered an operation that infected the software build and distribution system of network management tool maker SolarWinds. The hackers used their control to send backdoored updates to around 18,000 customers. Nine government agencies and fewer than 100 private organizations, including Microsoft, antivirus maker Malwarebytes and Mimecast, received back-to-back attacks.

In March, hackers exploiting a recently discovered vulnerability in Microsoft Exchange compromised approximately 30,000 Exchange servers in the United States and up to 100,000 worldwide. Microsoft said Hafnium, its name for a group operating in China, was behind the attacks. In the days that followed, hackers not affiliated with Hafnium began infecting already compromised servers to install a new strain of ransomware.

Two other serious breaches also occurred, one against the maker of the Codecov software development tool and the other against the seller of Passwordstate, a password manager used by large companies to store credentials for firewalls, VPNs and other devices connected to the network. Both breaches are serious because hackers can use them to compromise the large number of customers of the companies’ products.

Ivanti said it is helping investigate and respond to exploits, which the company says were discovered on a very limited number of client systems.

“The Pulse team has taken swift action to provide mitigation measures directly to the limited number of affected customers who are remedying the risk to their system, and we plan to release a software update in the coming days,” a spokesperson added.

