At least five US federal agencies may have experienced cyberattacks targeting a newly discovered security flaw that allows hackers to take free control of vulnerable networks and infrastructure, the US said on Friday.
The vulnerabilities in Pulse Connect Secure, a VPN used by employees to remotely connect to large networks, include one that hackers actively exploited before product maker Ivanti knew of it. The flaw that Ivanti revealed last week has a severity score of 10 out of a possible 10. The authentication bypass vulnerability allows untrusted users to remotely run malicious code on Pulse Secure hardware and from there to take control of the rest of the network where it is installed.
Federal agencies, critical infrastructure, and so on.
Security firm FireEye said in a report released on the same day as Ivanti's disclosure that China-linked hackers have spent months exploiting the critical vulnerability to spy on US defense contractors and financial institutions worldwide. Ivanti confirmed in a separate post that the zero-day vulnerability, tracked as CVE-2021-22893, was under exploitation.
In March, following the disclosure of other vulnerabilities, Ivanti released the Pulse Secure Connect Integrity Tool, which streamlines the process of verifying whether a vulnerable Pulse Secure device has been compromised. After last week's revelation that CVE-2021-22893 was under exploitation, CISA mandated that all federal agencies run the tool.
“CISA recognizes at least five federal civilian agencies that use the Pulse Connect Secure Integrity Tool and identifies potential unauthorized access,” wrote Matt Hartman, deputy assistant director of CISA, in an emailed statement. “We are working with each agency to investigate whether an infiltration has occurred and to support its response to such incidents.”
CISA said it recognized compromises of federal agencies, critical infrastructure agencies and private sector organizations dating back to June 2020.
They keep coming.
The targeting of the five agencies is the latest in a string of massive cyberattacks against sensitive government and business entities in recent months. In December, researchers discovered an operation that infected the software build and distribution system of network management tool maker SolarWinds. The hackers used their control to push backdoored updates to around 18,000 customers. Nine government agencies and fewer than 100 private organizations, including Microsoft, antivirus maker Malwarebytes and Mimecast, were attacked as a result.
In March, hackers exploiting a newly discovered vulnerability in Microsoft Exchange attacked about 30,000 Exchange servers in the United States and up to 100,000 around the world. Microsoft said that Hafnium, its name for a group operating in China, was behind the attack. A few days later, hackers not affiliated with Hafnium began infecting the compromised servers to install new ransomware strains.
In addition, two more serious breaches occurred, one against Codecov, a maker of developer tools, and one against the seller of Passwordstate, a password manager used by large corporations to store credentials for firewalls, VPNs, and other networked devices. Both breaches are serious, as hackers can use them to compromise the many customers of the companies' products.
Ivanti said it was helping investigate and respond to exploits, which the company said were “discovered in a limited number of customer systems.”
“The Pulse team is working swiftly to provide direct relief to a limited number of affected customers that will address the risks to their systems, and we plan to release software updates within the next few days,” the spokesperson added.