The U.S. National Security Agency has confirmed that hackers exploiting a flaw in Ivanti's widely used enterprise VPN appliance targeted organizations across the U.S. defense sector.
NSA spokesperson Edward Bennett said in an emailed statement to TechCrunch on Friday that the U.S. intelligence community, along with interagency partners, is “tracking the broader impact of the recent misuse of Ivanti products” and is aware of its impact on the U.S. Department of Defense.
“[NSA’s] Cybersecurity Collaboration Center continues to work with our partners to detect and mitigate this activity,” the spokesperson added.
Confirmation that the NSA is tracking these cyberattacks comes as multiple vulnerabilities affect Ivanti Connect Secure, a popular remote access VPN product used by thousands of businesses and large organizations around the world. It comes just days after Mandiant reported that hackers suspected of Chinese espionage had made “massive attempts” to exploit the vulnerabilities.
Earlier this week, Mandiant reported that Chinese-backed hackers, which the company tracks as a threat group it calls UNC5325, were targeting organizations across a variety of industries. This includes the U.S. defense industrial base sector, a global network of thousands of private sector organizations that provide equipment and services to the U.S. military, Mandiant said, citing previous research by security firm Volexity.
In its analysis, Mandiant said UNC5325 demonstrates “significant knowledge” of the Ivanti Connect Secure appliance and uses living-off-the-land techniques (legitimate tools and features already present on the target system) to better evade detection. The Chinese-backed hackers also deployed new malware that “remains embedded in Ivanti devices even after factory resets, system upgrades, and patching.”
This is reflected in an advisory released Thursday by the U.S. cybersecurity agency CISA, which warns that hackers exploiting vulnerable Ivanti VPN appliances could maintain root-level persistence even after a factory reset. The federal cybersecurity agency said its own independent testing showed that a successful attacker could fool Ivanti's integrity checker tool, resulting in a “failure to detect a breach.”
In response to CISA's findings, Ivanti Field Chief Information Security Officer Mike Riemer downplayed them, telling TechCrunch that Ivanti does not believe CISA's tests would work against real-world customer environments. Riemer added that Ivanti “recommends the security that Ivanti recommends.”
It remains unclear exactly how many Ivanti customers are affected by the widespread exploitation of the Connect Secure vulnerability that began in January.
Akamai said in an analysis released last week that hackers are making about 250,000 exploitation attempts every day, targeting more than 1,000 customers.