Software giant Ivanti discovered in February 2021 that the network of Pulse Secure, one of its subsidiaries that provides VPN appliances to dozens of businesses and government agencies around the world, had been compromised by Chinese hackers, according to a new report from Bloomberg.
Bloomberg reported, citing Ivanti's then-chief security officer and other sources, that the hackers exploited a secret backdoor in Pulse Secure's VPN software. This backdoor gave the hackers access to 119 other unnamed organizations that were using the company's VPN product.
Mandiant was also reportedly aware of the breach and alerted Ivanti that hackers had exploited the bug to break into military contractors in Europe and the United States.
This previously unreported breach is the latest example of how acquisitions, layoffs, and cost-cutting by private equity firms have compromised the quality and security of Ivanti's most critical technology. Bloomberg reported that after private investment giant Clearlake Capital Group acquired Ivanti in 2017, a series of layoffs followed, particularly in 2022, affecting employees who had deep institutional knowledge of the company's products and their security.
Ivanti and Mandiant did not respond to requests for comment.
Bloomberg's findings echo previous reporting on Citrix, a rival provider of remote access tools that has made major job cuts following a deal by Elliott Investment Management and Vista Equity Partners to buy the company in 2022. Like Ivanti, Citrix has been plagued by cybersecurity incidents and major flaws in recent years.
Ivanti's VPN products have since been responsible for at least two other large-scale attacks.
In early 2024, the US cybersecurity agency CISA ordered all federal agencies to disconnect Ivanti VPN appliances within two days because hackers were actively exploiting vulnerabilities unknown to Ivanti at the time. Ivanti warned customers last year that hackers were exploiting another critical flaw in its Connect Secure product to hack into business customers.

