US Federal Cybersecurity Agency Takes Systems Offline After Hack

Penka Hristovska, Senior Editor

The federal cybersecurity agency in the US has shut down two essential computer systems after it discovered that hackers breached its network.

According to US officials familiar with the situation, one of the compromised systems at the US Cybersecurity and Infrastructure Security Agency (CISA) operated a critical program used by federal, state, and local officials to exchange tools for assessing cyber and physical threats. The second system contained detailed information regarding the security assessments of facilities handling chemicals.

CISA has yet to confirm which systems were taken offline, but a CISA spokesperson highlighted that the hack was limited to the two systems that the agency shut down.

“We continue to upgrade and modernize our systems, and there is no operational impact at this time,” a CISA spokesperson said in a statement. “This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience.”

It’s not clear who’s behind the hack, but it was executed by exploiting flaws in widely used virtual private networking software developed by Ivanti, a Utah-based IT company.

The agency pointed to an advisory it released on February 29, alerting organizations to threat actors exploiting known vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. The advisory specifically underlines the vulnerabilities identified as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893.

Hackers managed to steal login credentials from Ivanti devices, in some instances gaining complete domain control.

CISA said at the time that “Ivanti’s internal and previous external ICT failed to detect compromise. In addition, CISA has conducted independent research in a lab environment validating that the Ivanti ICT is not sufficient to detect compromise and that a cyber threat actor may be able to gain root-level persistence despite issuing factory resets.”

“The authoring organizations strongly urge all organizations to consider the significant risk of adversary access to, and persistence on, Ivanti Connect Secure and Ivanti Policy Secure gateways when determining whether to continue operating these devices in an enterprise environment,” the agency said.

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.