The top US Internet monitoring agency issued an emergency directive on Friday requiring all federal agencies to protect themselves against a critical vulnerability in a popular computer program. The agency said it was investigating whether China had used the software to spy on agencies.
The software the agencies use is called Ivanti Connect Secure, which allows employees to connect to work remotely. A devastating vulnerability in the software, first discovered in December by cybersecurity firm Volexity, could give hackers significant access to companies or government agencies that use it and allow additional backdoors to be created to return later.
As news of the vulnerability spread widely, at least 1,700 well-known organizations around the world were hacked through it, Volexity found.
In a press call with reporters late Friday afternoon, Eric Goldstein, associate executive director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said hackers had learned of the vulnerability and were increasingly trying to hack companies and government agencies that use Connect Secure.
“We have observed additional targeting of federal agencies as part of the broader opportunity campaign at this point. Each of these cases is under investigation by CISA and the relevant agency,” Goldstein said.
Goldstein said someone had tried to use the Ivanti vulnerability to hack some federal agencies, though it was not yet clear whether any attempt had succeeded. About 15 agencies use the program, he said.
The hacking campaign strikingly echoes a similar campaign in 2021, when CISA announced that a security flaw in a previous version of the same software, which at the time was called Pulse Secure, had enabled hackers to gain access to several US federal agencies. Cybersecurity firm Mandiant, now owned by Google, said at the time that the hackers who gained access to federal systems were members of a Chinese intelligence service conducting espionage.
A spokesperson for the Chinese Embassy in Washington said in an email that “the Chinese government's position on cybersecurity is consistent and clear. We have always firmly opposed all forms of cyber piracy and have cracked down hard on it in accordance with the law.” “This aspect completely distorts the truth.”
China refuted this claim at the time, and has often refuted repeated accusations of cyber espionage made by US and other Western officials and Western cybersecurity companies. The embassy did not immediately respond to a request for comment on the CISA investigation.
Goldstein stopped short of blaming China for the latest attempts, but said what his agency saw “would be consistent with what we've seen from actors in the People's Republic of China,” using an abbreviation for the country's official name, the People's Republic of China.
“At this time, we have no evidence to suggest that PRC actors have used these vulnerabilities to exploit federal agencies. But of course, we are focused on this particular issue and are working on urgent mitigation to ensure that our federal networks and critical infrastructure take the right steps to respond.”