Ivanti Pulse Connect Secure data breach

Data breach of VPN devices

On April 20, 2021, it was reported that suspected Chinese state-backed hacker groups had breached multiple government agencies, defense companies and financial institutions in both the US and Europe after the hackers created and used a zero-day exploit for Ivanti Pulse Connect Secure VPN devices.[1][2][3] A Cybersecurity and Infrastructure Security Agency alert reported that the attacks using the exploit started in June 2020 or earlier.[4] The attacks were believed to be the third major data breach against the U.S. in the previous year, behind the 2020 United States federal government data breach and the 2021 Microsoft Exchange Server data breach.[5]

Impact

A Cybersecurity and Infrastructure Security Agency alert reported that the attacks affected "U.S. government agencies, critical infrastructure entities, and other private sector organizations."[6] A spokesperson for Ivanti said that only a "limited number" of customers had been compromised.[7] Mandiant's chief financial officer Charles Carmakal said that there was only a small indication of the hack having a large number of victims. He said the breach was significant because it had allowed unauthorized access to federal and corporate systems for months.[8]

Responses

A spokesperson for Ivanti said that while mitigations were in place, a patch to fix the vulnerabilities was not expected until May.[9] The patch was released on May 3, 2021.[10] CISA issued an emergency directive requiring that federal agencies install product updates.[11] China has denied being behind the attack and accused the U.S. of being the "biggest empire of hacking and tapping."[12]

References

  1. Miller, Maggie (2021-04-20). "Multiple agencies breached by hackers using Pulse Secure vulnerabilities". The Hill. Retrieved 2021-04-21.
  2. "Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day". FireEye. Retrieved 2021-04-21.
  3. Brian Fung and Geneva Sands (20 April 2021). "Suspected Chinese hackers exploited Pulse Secure VPN to compromise 'dozens' of agencies and companies in US and Europe". CNN. Retrieved 2021-04-21.
  4. "Exploitation of Pulse Connect Secure Vulnerabilities | CISA". us-cert.cisa.gov. Retrieved 2021-04-21.
  5. Brian Fung and Geneva Sands (20 April 2021). "Suspected Chinese hackers exploited Pulse Secure VPN to compromise 'dozens' of agencies and companies in US and Europe". CNN. Retrieved 2021-04-21.
  6. "Exploitation of Pulse Connect Secure Vulnerabilities | CISA". us-cert.cisa.gov. Retrieved 2021-04-21.
  7. Miller, Maggie (2021-04-20). "Multiple agencies breached by hackers using Pulse Secure vulnerabilities". The Hill. Retrieved 2021-04-21.
  8. "China behind another hack as U.S. cybersecurity issues mount". NBC News. 22 April 2021. Retrieved 2021-04-22.
  9. Miller, Maggie (2021-04-20). "Multiple agencies breached by hackers using Pulse Secure vulnerabilities". The Hill. Retrieved 2021-04-21.
  10. Mackie, Kurt (2021-05-03). "Patch Issued for Critical Vulnerability in Pulse Connect Secure VPNs -- Redmondmag.com". Redmondmag. Retrieved 2021-05-10.
  11. Brian Fung and Geneva Sands (20 April 2021). "Suspected Chinese hackers exploited Pulse Secure VPN to compromise 'dozens' of agencies and companies in US and Europe". CNN. Retrieved 2021-04-21.
  12. "China calls U.S. "biggest empire of hacking" after being accused of cyber spying". Newsweek. 2021-04-21. Retrieved 2021-04-22.