top of page
  • Writer's pictureAnup Ghosh

CISA Breach Affects Over 100,000 Individuals




The Download

In Congressional testimony, CISA Executive Director testified that information on 100,000 individuals were compromised from the breach of the Chemical Security Assessment Tool (CSAT) and CISA Gateway back in January 2024. Hackers were able to gain access to these systems by exploiting vulnerabilities in Ivanti Connect Secure software. In spite of patching within days of the vulnerability disclosure, and monitoring for the integrity of the systems using Ivanti mitigations, the hackers were able to bypass these and compromise the systems.


The CSAT system stores the names of individuals who have access to high risk chemicals for cross-referencing against terrorist screening databases. Attribution for the attack has not been publicly disclosed by CISA, but Google's Mandiant has laid the blame at the feet of Chinese-linked actors known as UNC5221.


What You Can Do

First it's important to know your attack surface. CISA not only knew they had the vulnerability, but they warned everyone else by adding it to the CISA Known Exploitable Vulnerability KEV list. The incident illustrates the importance of having detection and incident response plans as called for in the NIST CSF framework.


To Learn More:



59 views

Comments


bottom of page