Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways

TLP:CLEAR

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) and the following partners (hereafter referred to as the authoring organizations) are releasing this joint Cybersecurity Advisory to warn that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. CISA and authoring organizations appreciate the cooperation of Volexity, Ivanti, Mandiant and other industry partners in the development of this advisory and ongoing incident response activities. Authoring organizations:

• Federal Bureau of Investigation (FBI)
• Multi-State Information Sharing & Analysis Center (MS-ISAC)
• Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
• United Kingdom National Cyber Security Centre (NCSC-UK)
• Canadian Centre for Cyber Security (Cyber Centre), a part of the Communications Security Establishment
• New Zealand National Cyber Security Centre (NCSC-NZ)
• CERT-New Zealand (CERT NZ)

Of particular concern, the authoring organizations and industry partners have determined that cyber threat actors are able to deceive Ivanti’s internal and external Integrity Checker Tool (ICT), resulting in a failure to detect compromise.

Please click here to read more detail

TLP:CLEAR