Top US cybersecurity agency hacked and forced to take some systems offline

CNN
—

A federal agency responsible for cybersecurity discovered last month that two key computer systems had been hacked offline, an agency spokesperson and a U.S. official familiar with the incident told CNN. Ta.

One of the affected U.S. Cybersecurity and Infrastructure Security Agency systems is a system that allows federal, state and local officials to share cyber and physical security assessment tools, according to U.S. officials briefed on the matter. They say they are running a program that allows them to do so. The other is said to hold information on safety evaluations of chemical facilities.

A CISA spokesperson said in a statement that there is “no operational impact at this time” as a result of the incident, and that the agency continues to “upgrade and modernize its systems.”

“This is a reminder that any organization can be affected by cyber vulnerabilities and having an incident response plan in place is a necessary component of resilience,” the spokesperson said, adding It added that the impact was “limited to two systems.” I immediately took it offline. ”

Officials told CNN that the two systems were already running older technology that was slated to be replaced.

CISA, part of the Department of Homeland Security, investigates cyber intrusions at federal agencies and advises private critical infrastructure companies on how to strengthen their security.

The Record first reported on the hack.

It wasn’t immediately clear who was behind the hack, but it was caused by a vulnerability in the popular virtual private networking software developed by Utah-based IT company Ivanti. For weeks, CISA has been urging federal agencies and private companies to update their software or take other protective measures in response to widespread exploitation of Ivanti vulnerabilities by hackers.

Private researchers previously told CNN that hackers exploiting the flaw include Chinese groups focused on espionage.

There is some irony in this, but even cybersecurity agencies and officials can become victims of hacking. After all, they rely on the same technology as other companies. Top U.S. cybersecurity diplomat Nate Fick said last year that his personal account on social media platform X was hacked, calling it part of a “job hazard.”