The Download
In another follow-up to a story from earlier this year, CISA disclosed that its servers have been compromised following exploitation of the Ivanti Connect Secure vulnerabilities. In February, CISA announced emergency directives to federal agencies to immediately patch vulnerabilities CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893 or to take Connect Secure offline.
In a stunning development, it appears that CISA's own servers for Infrastructure Protection (IP) and the Chemical Security Assessment Tool (CSAT) were breached through exploitation of some of these vulnerabilities. The IP and CSAT programs contain details about the nation's critical infrastructure, details that may be useful to a nation-state adversary. CISA refuses to comment on these breaches.
What You Can Do
While we cannot address CISA's compromise, we need to ensure that any Ivanti Connect Secure VPN software is patched or decommissioned. Clearly, the vulnerabilities are being exploited to gain access to sensitive networks.