The Cybersecurity and Infrastructure Security Agency (CISA) confirmed a cyberattack in February that exploited vulnerabilities in Ivanti software used by the agency. While CISA declined to disclose details about the attackers or data accessed, the compromised systems reportedly included critical infrastructure data.
CISA acknowledged the incident but offered limited information. They confirmed taking two systems offline and emphasized the importance of incident response plans. Unnamed sources claim the compromised systems may have housed critical infrastructure data and chemical security plans.
Jonathan Greig and Suzanne Smalley for The Record:
A CISA spokesperson confirmed to Recorded Future News that the agency “identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses” about a month ago.
“The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time,” the spokesperson said. “This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience.”
CISA previously warned about vulnerabilities in Ivanti products exploited by hackers. These vulnerabilities potentially allowed attackers to gain full access to compromised systems. A separate advisory noted that an Ivanti tool designed to detect such breaches may be ineffective.
While the number of affected federal agencies remains unclear, CISA previously stated that around 15 agencies used the vulnerable software. The potential exposure of sensitive infrastructure data raises security concerns, highlighting the need for robust cybersecurity measures and the importance of addressing software vulnerabilities promptly.
