The top U.S. cyber watchdog agency issued an emergency directive Friday, mandating that all federal agencies protect themselves against a dangerous vulnerability in a popular software program. The watchdog said it is conducting investigations into whether China had used the program to spy on the agencies.

The program used by the agencies is called Ivanti Connect Secure, which allows employees to remotely connect to work. A devastating vulnerability in the program, first discovered in December by the cybersecurity company Volexity, can grant hackers significant access to the businesses or government agencies that use it and allows for the creation of additional back doors to return later.

As news of the vulnerability has become widespread, at least 1,700 known organizations around the world have been hacked with it, Volexity has found.

In a press call with reporters late Friday afternoon, Eric Goldstein, the executive assistant director at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said that hackers have learned about the vulnerability and increasingly have tried to hack companies and government agencies that use Connect Secure.

“We have observed additional targeting of federal agencies as part of the broader opportunity campaign at this point. Each of those instances are under investigation by CISA and the relevant agency,” Goldstein said.

Someone tried to use the Ivanti flaw to try to hack some federal agencies, Goldstein said, though it wasn’t yet clear if any had been successful. Around 15 agencies use the software, he said.

The hacking campaign echoes a strikingly similar one in 2021, when CISA announced that a vulnerability in an earlier version of the same program, at the time called Pulse Secure, had enabled hackers to gain access to multiple federal U.S. agencies. The cybersecurity company Mandiant, now owned by Google, said at the time that the hackers who had gained access to federal systems were members of a Chinese intelligence service conducting espionage.

A spokesperson for China’s embassy in Washington said in an email that “the Chinese government’s position on cyber security is consistent and clear. We have always firmly opposed and cracked down on all forms of cyber hacking in accordance with the law. The remarks by the U.S. side is completely distorting the truth.”

deflected that claim at the time, and often disputes the frequent accusations of cyberespionage made by U.S. and other Western officials and Western cybersecurity companies. The embassy did not immediately reply to a request for comment about CISA’s investigation.

Goldstein stopped short of blaming China for the most recent attempts, but said that what his agency had seen “would be consistent with what we have seen from PRC actors,” using an acronym for the country’s official name, the People’s Republic of China.

“At this time, we do not have any evidence to suggest that PRC actors have used these vulnerabilities to exploit federal agencies. But of course, we are focused on that very issue and driving urgent mitigation to ensure that both our federal networks and critical infrastructure are taking the right steps in response,” he said.

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

NYC school bosses changed F grade in advanced placement class, then targeted teacher who exposed the scheme: lawsuit

NYC School Leaders Accused of Changing AP Student’s F Grade and Retaliating Against Whistleblower Teacher

In this case, the “F” allegedly stood for “fixed.” Administrators at a…
Man accused of mowing down two girls in alleged double murder exposes twisted reason he kept streaming

Accused Double-Murder Driver Reveals Why He Kept Livestreaming After Allegedly Running Down Two Girls

A New Jersey man accused of fatally striking two teenage girls appeared…
Burglar suspect seen in bizarre arrest picture — after making hilariously dumb escape error

Burglar Suspect’s Unusual Arrest Photo Follows Costly Escape Mistake

A Northern California woman’s alleged vehicle burglary ended in an unexpected place…
Prosecutors argue the man accused of killing Charlie Kirk should stand trial

Prosecutors Say Suspect in Charlie Kirk Killing Should Face Trial

PROVO, Utah — A pivotal hearing begins Monday in Utah in the…
Trump says he saw World Cup play that led to Folarin Balogun's suspension and spoke to FIFA president

Trump Says He Witnessed World Cup Incident Behind Folarin Balogun Suspension, Discussed It With FIFA Chief

Washington — President Trump said Monday that he watched the World Cup…
Joshua Zimerman completes journey to all 14 presidential museums at Obama Presidential Center on Chicago's South Side

Joshua Zimerman Caps 14-Museum Presidential Tour at Obama Presidential Center on Chicago’s South Side

CHICAGO (WLS) — A traveler who spent almost 10 years making his…
Golden State Tree Service owner headed to trial on child rape and molestation charges

Golden State Tree Service Owner to Stand Trial on Child Rape and Molestation Charges

A local business owner is set to face trial next month after…
Search called off after body matching missing teen Nolan Wells found off Mississippi coast

Search Ends After Body Believed to Be Missing Teen Nolan Wells Found Off Mississippi Coast

Authorities have ended the search for a Mississippi teenager who disappeared over…
FBI has no reason to believe Nancy Guthrie ransom notes are genuine: expert

FBI Skeptical of Nancy Guthrie Ransom Notes’ Authenticity, Expert Says

The FBI appears to be keeping its options open as it examines…
Belgium's Soccer Federation 'Astonished' that FIFA Allowed US Star Folarin Balogun to Play After Red Card

Belgium FA Stunned After FIFA Clears USMNT Star Folarin Balogun to Play Despite Red Card

In an unexpected twist, the side that stood to benefit most from…
How Tyler Robinson hearing is an attempt to end vile Charlie Kirk conspiracy theories once and for all

Tyler Robinson Hearing Aims to Put Charlie Kirk Conspiracy Theories to Rest

Erika Kirk and prosecutors have argued for keeping proceedings against Tyler Robinson,…
3 NYC residents died from heat during last week's scorcher, new figures show

NYC Heat Wave Death Toll Rises as Officials Confirm 3 Residents Died in Last Week’s Scorcher

Three people in New York City died during last week’s dangerous heat…