
CISA Directs Federal Agencies To Disconnect Ivanti VPN Appliances

The leading U.S. cybersecurity agency issued an emergency directive on Friday, asking all federal agencies to safeguard themselves against a serious vulnerability found in a popular software program. The agency is currently investigating Chinese involvement in the vulnerability for espionage purposes.

The program in question is Ivanti Connect Secure, a tool that enables employees to connect to their work remotely. Discovered by cybersecurity company Volexity in December, a critical vulnerability in this program gives hackers significant access to businesses or government agencies, potentially creating additional back doors for future exploitation.

The gravity of the situation has escalated globally, with Volexity reporting that at least 1,700 known organisations worldwide have fallen victim to this vulnerability. Eric Goldstein, the executive assistant director at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), shared in a press call that hackers have become aware of the vulnerability and are increasingly targeting companies and government agencies using Connect Secure.

Goldstein highlighted ongoing investigations into attempted hacks on federal agencies, revealing that about 15 agencies currently utilise the vulnerable software. While it remains uncertain if any attempts were successful, he drew attention to the resemblance of this hacking campaign to a similar incident in 2021. Back then, a vulnerability in an earlier version of the same program, then called Pulse Secure, allowed hackers to access multiple U.S. federal agencies. Mandiant, now a Google-owned cybersecurity company, identified the hackers as members of a Chinese intelligence service engaged in espionage.

In response to these allegations, a spokesperson for China’s embassy in Washington refuted the claims, stating, “The Chinese government’s position on cybersecurity is consistent and clear.” The spokesperson emphasised China’s opposition to cyber hacking and criticised the U.S. side for distorting the truth. The embassy has not yet responded to requests for comment on CISA’s ongoing investigation.

Goldstein refrained from directly attributing blame to China in the recent attempts but noted that the observed actions “would be consistent with what we have seen from PRC actors.” PRC stands for the People’s Republic of China, the country’s official name. He clarified that there is currently no evidence suggesting the use of these vulnerabilities by Chinese actors to exploit federal agencies. Nonetheless, the focus remains on urgent mitigation efforts to ensure the security of federal networks and critical infrastructure.

A serious vulnerability in the program, first detected in December by the cybersecurity company Volexity, can grant hackers considerable access to the businesses or government agencies that use it and allows for the creation of additional back doors to return later.
