A Significant Impact

The U.S. National Security Agency (NSA) has acknowledged that it is actively tracking and addressing the significant impact of cyberattacks exploiting vulnerabilities in Ivanti’s enterprise VPN appliance, mainly targeting the U.S. defense sector. This confirmation follows reports by cybersecurity firm Mandiant, which identified suspected Chinese espionage hackers making extensive attempts to exploit multiple vulnerabilities in Ivanti Connect Secure. This software is crucial for remote access VPN services used globally by numerous corporations and large organizations.

In a statement emailed to leading technology media outlet TechCrunch on March 1st, Edward Bennett, a spokesperson for the NSA, revealed that the agency, together with its interagency partners, is “tracking and aware of the broad impact from the recent exploitation of Ivanti products, to include of the [sic] U.S defense sector.”

Hackers Identified

Mandiant has tracked the activities of these hackers, identified as threat group UNC5325, noting their focus on organizations within various industries, including the U.S. defense industrial base sector. This sector comprises thousands of private sector organizations that supply equipment and services to the U.S. military. Mandiant’s analysis highlights UNC5325’s deep understanding of the Ivanti Connect Secure appliance and its use of sophisticated techniques to evade detection. This includes the deployment of novel malware designed to maintain a presence on Ivanti devices despite factory resets, system upgrades, and patches.

Software Vulnerabilities Exposed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also issued an advisory warning that hackers exploiting Ivanti VPN appliances could achieve root-level persistence, even after factory resets. CISA’s independent tests revealed vulnerabilities in Ivanti’s Integrity Checker Tool, which could fail to detect such compromises. Ivanti’s response, delivered by its field chief information security officer, Mike Riemer, appears to downplay CISA’s concerns: Riemer contends that the test scenarios CISA outlined may not apply in real-world customer environments, and says Ivanti is unaware of any successful threat actor persistence following the recommended security updates and factory resets.

250,000 Exploitation Attempts per Day

The scale of the exploitation attempts is vast, with cloud computing and security giant Akamai reporting around 250,000 exploitation attempts daily, targeting over 1,000 customers. The exact number of Ivanti customers affected by these vulnerabilities, first exploited in January, remains unclear. This situation underscores the critical challenge of securing network infrastructure against sophisticated cyber threats, especially those backed by nation-states with significant resources and expertise in cyber espionage. The ongoing collaboration between national security agencies and private sector cybersecurity firms is crucial in detecting, mitigating, and preventing such cyberattacks to protect national security and critical infrastructure.