Attackers hacked into two critical systems of the U.S. CISA.

Hackers exploiting Ivanti vulnerabilities have compromised the cybersecurity and infrastructure security agency's (CISA) systems. According to initial information from Recorded Future News, CISA was hacked in February.

In response to the security breach, the agency had to shut down two critical systems, according to a CISA spokesperson and U.S. officials with knowledge of the incident, according to CNN. One of the systems affected by the incident is used to facilitate the sharing of cybersecurity and physical security assessment tools between federal, state and local officials. The second system contained information related to security assessments of chemical facilities.

Recorded Future News, citing a source with knowledge of the situation, reports that the hacked systems are the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT). The CSAT contains sensitive industry information, including the Top Screen tool for high-risk chemical facilities, site security plans and security vulnerability assessments. A CISA spokesperson, speaking to Recorded Future News, said an initial investigation by government experts revealed that attackers exploited vulnerabilities in Ivanti products used by the agency. "The impact is limited to two systems, which we immediately shut down.

Ironically, CISA warned U.S. organizations that attackers could exploit vulnerabilities in Ivanti software. On February 1, for the first time in its history, CISA ordered federal agencies to disable all instances of Ivanti Connect Secure and Ivanti Policy Secure within 48 hours. On Feb. 29, CISA again warned organizations that attackers are exploiting vulnerabilities (CVE-2023-46605, CVE-2024-21887 and CVE-2024-21893) in Ivanti Connect Secure and Policy Secure Gateways. The agency did not provide details about the hack attack or name a specific attacker. A CISA spokesperson told CNN that the security breach did not affect the agency's operations.