Joint Cybersecurity Advisory Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure
Joint Cybersecurity Advisory Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
TLP Clear
February 29, 2024
SUMMARY
The Cybersecurity and Infrastructure Security Agency (CISA) and the following partners (hereafter referred to as the authoring organizations) are releasing this joint Cybersecurity Advisory to warn that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. CISA and authoring organizations appreciate the cooperation of Volexity, Ivanti, Mandiant and other industry partners in the development of this advisory and ongoing incident response activities. Authoring organizations:
- Federal Bureau of Investigation (FBI)
- Multi-State Information Sharing & Analysis Center (MS-ISAC)
- Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
- United Kingdom National Cyber Security Centre (NCSC-UK)
- Canadian Centre for Cyber Security (Cyber Centre), a part of the Communications Security Establishment
- New Zealand National Cyber Security Centre (NCSC-NZ)
- CERT-New Zealand (CERT NZ)
Of particular concern, the authoring organizations and industry partners have determined that cyber threat actors are able to deceive Ivanti’s internal and external Integrity Checker Tool (ICT), resulting in a failure to detect compromise.
View the detailed Advisory below.
Actions to take today to mitigate cyber threats against Ivanti appliances:
- Limit outbound internet connections from SSL VPN appliances to restrict access to required services.
- Keep all operating systems and firmware up to date.
- Limit SSL VPN connections to unprivileged accounts.
For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact: