Washington Times: Federal government’s lead cybersecurity agency reveals it was hacked

Investigators see possible link to Chinese-backed operatives

By Polling+ Staff

Uh-oh.

The Washington Times headlines: Federal government’s lead cybersecurity agency reveals it was hacked

The Washington Times https://www.washingtontimes.com

The story reports:

“The Cybersecurity and Infrastructure Security Agency, the federal government’s premier anti-hacking agency, recently acknowledged that hackers breached its systems earlier this year to access details of its Chemical Security Assessment Tool, which the government uses to collect information from facilities with dangerous chemicals that could be weaponized by terrorists.

The federal cyber agency said it has notified participants in the Chemical Facility Anti-Terrorism Standards program about the digital intrusion and potentially exposed information.

The chemical assessment tool “was the target of a cybersecurity intrusion by a malicious actor from January 23-26, 2024,” CISA said on its website this month.

“While CISA’s investigation found no evidence of exfiltration of data, this intrusion may have resulted in the potential unauthorized access of Top-Screen Surveys, Security Vulnerability Assessments, Site Security Plans, Personnel Surety Program (PSP) submissions, and CSAT user accounts.” 

While the agency said it had detected no stolen data, it warned in notification letters that the hackers may have accessed the personally identifiable information of chemical facility personnel and visitors to the facilities with access to restricted areas and high-risk chemicals.

CISA did not fully detail prospective victims but the agency published sample notification letters last week to victims of the breach that it translated into Arabic, Chinese, French, German, Hindi, Japanese, Korean, Spanish and Tagalog.

The agency did not identify the hackers responsible, but said the vector for the breach involved Ivanti appliances, including Ivanti Connect Secure.

“We identified that a malicious actor installed an advanced webshell on the Ivanti device,” the agency said in its sample notification letter. “This type of webshell can be used to execute malicious commands or write files to the underlying system. Our analysis further identified that a malicious actor accessed the webshell several times over a two-day period.”  

Mandiant, a cybersecurity firm, has tied recent problems with Ivanti Connect Secure to China-linked cyberattackers.

Mandiant partnered with CISA to issue an advisory about the problems with Ivanti in February. The advisory links to a Mandiant blog post from January saying it identified a “China-nexus espionage threat actor” exploiting the vulnerability.

U.S. officials have separately warned this year that China-sponsored cyberattackers are secretly pre-positioning themselves in critical U.S. infrastructure systems in order to conduct potential future attacks.

To answer questions about the newly revealed hack of CISA, the agency is holding webinars with stakeholders. The next meeting is scheduled for July 9.”

History records that the Japanese attack on Pearl Harbor succeeded in part because the world had never before seen a massive air attack. By then the technology was at hand. So too is new computerized technology at hand today. A Pearl Harbor can now be had with nobody leaving a room.

Stay tuned and buckle in.