Two Critical US Systems Hacked, Forcing US Cybersecurity Agency To Shut Them Down

By Thea Felicity

Mar 10, 2024 10:44 AM EDT

WASHINGTON, DC - SEPTEMBER 25: Commander of U.S. Cyber Command and director of the National Security Agency (NSA) General Keith Alexander speaks during the fourth annual Cybersecurity Summit September 25, 2013 at the National Press Club in Washington, DC. General Alexander discussed "media leak" and defended for the NSA surveillance program on American people.
(Photo : Photo by Alex Wong/Getty Images)

US Cybersecurity and Infrastructure Security Agency (CISA) announced that two of their systems were hacked in February, as reported first by The Record. CISA reported that the breach took advantage of weaknesses in Ivanti products, previously identified as a concern by CISA.

CISA required all US government agencies to disconnect Ivanti Connect Secure and Ivanti Policy Secure in response to these vulnerabilities.

The US cybersecurity agency also took immediate action against hackers by shutting down the affected systems: the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT).

These systems now store important industrial data for evaluating and protecting essential US infrastructure. They play a key role in identifying high-risk chemical facilities and conducting assessments to identify security vulnerabilities, which makes them valuable in ensuring the security of critical infrastructure in the United States.

However, it's unclear whether any data was accessed or stolen during the incident, as CISA did not provide specific details. The US cybersecurity agency also reassured the public that there was no immediate operational impact.

Nonetheless, it was emphasized that government agencies and organizations globally encounter ongoing threats.

They recently doubted the 2-hour outage from Meta, suspecting it as a possible breach in their systems, according to VCPost.

Who Hacked The US Cybersecurity Agency?

Hackers who attacked the US Cybersecurity Agency aren't known yet. Still, they took advantage of weaknesses in widely used virtual private networking software created by Ivanti, a company based in Utah.

According to information from private researchers, CNN reported that a Chinese group that focuses on gathering secret information is exploiting these weaknesses.

To protect more systems, CISA has been advising government agencies and private companies to update their software or use other protective measures because hackers have been taking advantage of these vulnerabilities for some time.

Sectors