Ivanti Pulse Connect Secure data breach

From HandWiki
Short description: Data breach of Ivanti Pulse Connect Secure VPN devices


On April 20, 2021, it was reported that suspected Chinese state-backed hacker groups had breached multiple government agencies, defense companies and financial institutions in both the US and Europe after the hackers created and used a zero-day exploit for Ivanti Pulse Connect Secure VPN devices.[1][2][3] A Cybersecurity and Infrastructure Security Agency alert reported that the attacks using the exploit started in June 2020 or earlier.[4] The attacks are believed to be the third major data breach against the U.S. in the past year, behind the 2020 United States federal government data breach and the 2021 Microsoft Exchange Server data breach.[5]

Impact

A Cybersecurity and Infrastructure Security Agency alert reported that the attacks affected "U.S. government agencies, critical infrastructure entities, and other private sector organizations."[6] A spokesperson for Ivanti said that only a "limited number" of customers had been compromised.[7] Mandiant's chief financial officer Charles Carmakal said that while there was only a small indication of the hack having a large number of victims, the breach was significant because it had allowed unauthorized access to federal and corporate systems for months.[8]

Responses

A spokesperson for Ivanti said that while mitigations were in place, a patch to fix the vulnerabilities was not expected until May.[9] The patch was released on May 3, 2021.[10] CISA issued an emergency directive requiring that federal agencies install product updates.[11] China has denied being behind the attack and accused the U.S. of being the "biggest empire of hacking and tapping."[12]

References

  1. Miller, Maggie (2021-04-20). "Multiple agencies breached by hackers using Pulse Secure vulnerabilities" (in en). https://thehill.com/policy/cybersecurity/549326-multiple-agencies-breached-by-hackers-using-pulse-secure-vulnerabilities. 
  2. "Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day" (in en). https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html. 
  3. Brian Fung and Geneva Sands (20 April 2021). "Suspected Chinese hackers exploited Pulse Secure VPN to compromise 'dozens' of agencies and companies in US and Europe". https://www.cnn.com/2021/04/20/politics/fireeye-pulse-secure-vpn-exploit/index.html. 
  4. "Exploitation of Pulse Connect Secure Vulnerabilities | CISA". https://us-cert.cisa.gov/ncas/alerts/aa21-110a. 
  5. Brian Fung and Geneva Sands (20 April 2021). "Suspected Chinese hackers exploited Pulse Secure VPN to compromise 'dozens' of agencies and companies in US and Europe". https://www.cnn.com/2021/04/20/politics/fireeye-pulse-secure-vpn-exploit/index.html. 
  6. "Exploitation of Pulse Connect Secure Vulnerabilities | CISA". https://us-cert.cisa.gov/ncas/alerts/aa21-110a. 
  7. Miller, Maggie (2021-04-20). "Multiple agencies breached by hackers using Pulse Secure vulnerabilities" (in en). https://thehill.com/policy/cybersecurity/549326-multiple-agencies-breached-by-hackers-using-pulse-secure-vulnerabilities. 
  8. "China behind another hack as U.S. cybersecurity issues mount" (in en). 22 April 2021. https://www.nbcnews.com/tech/security/china-another-hack-us-cybersecurity-issues-mount-rcna744. 
  9. Miller, Maggie (2021-04-20). "Multiple agencies breached by hackers using Pulse Secure vulnerabilities" (in en). https://thehill.com/policy/cybersecurity/549326-multiple-agencies-breached-by-hackers-using-pulse-secure-vulnerabilities. 
  10. Mackie, Kurt (2021-05-03). "Patch Issued for Critical Vulnerability in Pulse Connect Secure VPNs -- Redmondmag.com" (in en-US). https://redmondmag.com/articles/2021/05/03/patch-pulse-connect-secure-vpns.aspx. 
  11. Brian Fung and Geneva Sands (20 April 2021). "Suspected Chinese hackers exploited Pulse Secure VPN to compromise 'dozens' of agencies and companies in US and Europe". https://www.cnn.com/2021/04/20/politics/fireeye-pulse-secure-vpn-exploit/index.html. 
  12. "China calls U.S. "biggest empire of hacking" after being accused of cyber spying" (in en). 2021-04-21. https://www.newsweek.com/china-calls-us-biggest-empire-hacking-after-being-accused-cyber-spying-1585554. 