Pulse Connect Secure Hack Possibly Violates Five Federal Agencies


Hackers with dubious ties to China repeatedly exploited vulnerabilities in Pulse Secure VPN, a widely used remote connectivity tool Get access to government agenciesDefense companies and financial institutions in the US and Europe released a report earlier this month.

For the past several weeks the Cybersecurity and Infrastructure Security Agency has been working to determine the extent of the problem and help agencies secure their systems, asking them to run “integrity tools” to investigate potential compromises is.

“CISA is aware of at least five federal civilian agencies that have run the Pulse Connect Secure Integrity tool and identified signs of possible unauthorized access,” CyberSpecific Deputy Executive Assistant Matt Hartman said in a statement.

“We are working with each agency to find out whether an intrusion has taken place and will have incident response support accordingly,” he said.

Reuters Previously reported the number of affected agencies.

CNN reported last week that the CISA has identified 24 federal civilian agencies that use Pulse Connect Secure Devices, but it was not yet known whether the agencies were compromised.

A week after CISA issued a rare “emergency directive”, a search for potential violations issued a short “emergency directive”, allowing all federal civilian agencies to determine how many products they had, including “integrity tools.” Run, install the update and submit a report to CISA. Emergency instructions are used when agency systems have a high probability of agreement.

According to a CISA spokesperson, since March 31, CISA has been helping a number of organizations whose vulnerable Pulse Connect Secure Products have been exploited by cyber cyber actors.

The US government has not yet determined responsibility for the hack.

Intrusions into Pulse Secure devices “do not show evidence of the same highly complex tradecraft or supply chain attack as we saw SolarWinds Intrusion, “CISA Cybercity chief Eric Goldstein previously told CNN, warning that it was still early in the investigation.

He also said there is no “indiscriminate targeting” similar to the Microsoft Exchange Server campaign, where “various plagues” compromised thousands of servers, he said.


Source link