Ivanti Pulse Connect Secure data breach

From Wikipedia, the free encyclopedia

On April 20, 2021, it was reported that suspected Chinese state-backed hacker groups had breached multiple government agencies, defense companies and financial institutions in both the US and Europe after the hackers created and used a zero-day exploit for Ivanti Pulse Connect Secure VPN devices.[1][2] The VPN devices are reported to be a widely used remote connectivity tool that was used to gain access to dozens of organizations in the industrial defense sector.[3] A Cybersecurity and Infrastructure Security Agency alert reported that the attacks using the exploit started in June 2020 or earlier.[4] The attacks are believed to be the third major data breach against the U.S. in the past year, behind the 2020 United States federal government data breach and the 2021 Microsoft Exchange Server data breach.[5]

Impact

A Cybersecurity and Infrastructure Security Agency alert reported that the attacks affected "U.S. government agencies, critical infrastructure entities, and other private sector organizations."[6] A spokesperson for Ivanti said that only a "limited number" of customers had been compromised.[7] Mandiant's chief financial officer Charles Carmakal said that while the hack had only a small indication of having a large number of victims, the breach was significant because it allowed China to gain access to federal agencies and major U.S. companies for months.[8]

Responses

A spokesperson for Ivanti said that while mitigations were in place, a patch to fix the vulnerabilities was not expected until May.[9] The patch was finally released on May 3, 2021.[10] CISA issued an emergency directive calling for affected organizations to run an "integrity tool" to check for issues, and to install updates for the Ivanti devices.[11] China has denied being behind the attack and accused the U.S. of being the "biggest empire of hacking and tapping."[12]

References

  1. ^ Miller, Maggie (2021-04-20). "Multiple agencies breached by hackers using Pulse Secure vulnerabilities". TheHill. Retrieved 2021-04-21.
  2. ^ "Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day". FireEye. Retrieved 2021-04-21.
  3. ^ Brian Fung and Geneva Sands. "Suspected Chinese hackers exploited Pulse Secure VPN to compromise 'dozens' of agencies and companies in US and Europe". CNN. Retrieved 2021-04-21.
  4. ^ "Exploitation of Pulse Connect Secure Vulnerabilities | CISA". us-cert.cisa.gov. Retrieved 2021-04-21.
  5. ^ Brian Fung and Geneva Sands. "Suspected Chinese hackers exploited Pulse Secure VPN to compromise 'dozens' of agencies and companies in US and Europe". CNN. Retrieved 2021-04-21.
  6. ^ "Exploitation of Pulse Connect Secure Vulnerabilities | CISA". us-cert.cisa.gov. Retrieved 2021-04-21.
  7. ^ Miller, Maggie (2021-04-20). "Multiple agencies breached by hackers using Pulse Secure vulnerabilities". TheHill. Retrieved 2021-04-21.
  8. ^ "China behind another hack as U.S. cybersecurity issues mount". NBC News. Retrieved 2021-04-22.
  9. ^ Miller, Maggie (2021-04-20). "Multiple agencies breached by hackers using Pulse Secure vulnerabilities". TheHill. Retrieved 2021-04-21.
  10. ^ Mackie, Kurt (2021-05-03). "Patch Issued for Critical Vulnerability in Pulse Connect Secure VPNs -- Redmondmag.com". Redmondmag. Retrieved 2021-05-10.
  11. ^ Brian Fung and Geneva Sands. "Suspected Chinese hackers exploited Pulse Secure VPN to compromise 'dozens' of agencies and companies in US and Europe". CNN. Retrieved 2021-04-21.
  12. ^ "China calls U.S. "biggest empire of hacking" after being accused of cyber spying". Newsweek. 2021-04-21. Retrieved 2021-04-22.