In February 2021, Ivanti, a prominent software company, uncovered a significant security breach involving Chinese hackers who compromised the network of Pulse Secure, a subsidiary that supplies VPN solutions to various organizations, including government agencies. This breach was detailed in a recent report.
The attackers took advantage of a hidden backdoor embedded in Pulse Secure's VPN software, which enabled them to infiltrate the systems of 119 additional organizations utilizing the same VPN technology, according to Ivanti's former chief security officer and other credible sources.
Additionally, cybersecurity firm Mandiant played a role in identifying these breaches, notifying Ivanti that the vulnerabilities were exploited to gain access to contractors working with the U.S. and European military.
This incident highlights concerns regarding the security of Ivanti's technologies, particularly following the company's acquisition by Clearlake Capital Group in 2017. Reports indicate that subsequent layoffs and restructuring, particularly in 2022, have impacted the security integrity of Ivanti's offerings by diminishing the knowledge base of its workforce.
Despite requests for comments, both Ivanti and Mandiant have remained silent on the matter. The findings from Bloomberg resonate with previous reports concerning Citrix, another provider of remote access tools, which also faced challenges following substantial layoffs and cybersecurity incidents.
Since the initial breach, Ivanti's VPN products have been implicated in at least two other significant security events. In early 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) mandated that all federal agencies disconnect their Ivanti VPN appliances within 48 hours due to active exploitation of vulnerabilities that were previously unknown to the company. Furthermore, Ivanti had cautioned its clients about another critical flaw in its Connect Secure product that hackers were actively exploiting.
