UPDATED: Adds information on CISA's update today to the Activity Alert originally released on April 20.
WASHINGTON: CISA confirmed today that it is investigating at least five federal agencies to determine whether they have been compromised through recently revealed vulnerabilities in Pulse Connect Secure hardware.
Matt Hartman, Deputy Assistant Executive Director at CISA, said in a statement provided to Breaking Defense, “CISA is aware of at least five federal civilian agencies that have run the Pulse Connect Secure Integrity Tool and have identified indicators of potential unauthorized access. We are working with each agency to verify whether or not there has been a breach and will provide incident response support accordingly.”
Hartman did not name which agencies are under ongoing investigation.
Since March 31, CISA has been assisting “multiple entities” whose vulnerable Pulse Connect Secure products have been exploited. A source at CISA previously told Breaking Defense that the US government has not made a decision on attribution.
On April 20, CISA issued an Emergency Directive and an Activity Alert on four security vulnerabilities – three previously known since last year and one newly discovered this month – in Pulse Connect Secure. CISA today updated the Activity Alert to include new information about Transport Layer Security (TLS) fingerprinting, a technique that can be used to identify malicious activity.
The emergency directive required all federal civilian agencies to identify Pulse Connect Secure devices in use and run a free online tool to assess whether a product has been hacked. The results were due to CISA last Friday. Based on these findings, CISA discovered additional evidence of potential breaches.
A CISA source previously told Breaking Defense that 24 federal agencies are using the popular product, which enables workers to remotely access federal networks via a Virtual Private Network (VPN). VPNs encrypt data as it travels over public networks.
Without knowing the affected agencies or the attacker, or more detail about the tactics, techniques, and procedures used in these potential breaches, it is difficult to judge their potential severity. What is clear is that federal agencies remain targets of ongoing cyber operations, often by foreign governments.
News of these latest potential breaches comes on the heels of the SolarWinds and Microsoft Exchange Server cyber espionage campaigns. The United States government officially attributed the first – which affected at least nine federal agencies – to Russia on April 15, and the latter is widely believed to be primarily the work of Chinese threat actors, although the US government has yet to officially attribute the campaign.