The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert stating that a cyber threat actor has compromised a number of government agencies, critical infrastructure and organizations in the private sector since “June 2020 or earlier” using vulnerabilities in Ivanti’s Pulse Connect Secure virtual private network products.
CISA said Tuesday it has assisted several entities affected by the cyber breach since end of March and found that the threat actor uses multiple vulnerabilities to install webshells on the affected products to gain further access.
“The known webshells allow for a variety of functions, including authentication bypass, multi-factor authentication bypass, password logging, and persistence through patching,” the CISA alert reads.
The agency said Ivanti is working on a patch and has come up with a tool to help users ensure the integrity of their Pulse Connect Secure software.
CISA has called on organizations using the compromised VPN products to run the new integrity tool, check for malicious activity and update their VPN to the latest software version.
To register for this virtual forum, visit the GovConWire Events page.
