VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report

In a significant cybersecurity breach, Ivanti, a prominent software developer, revealed that Chinese hackers infiltrated its subsidiary Pulse Secure's network, which provides VPN services to numerous corporations and governmental bodies globally. This alarming incident, reported by Bloomberg, was traced back to a hidden backdoor planted in the Pulse Secure VPN software, allowing the attackers access to a staggering 119 additional organizations that utilized the same technology. The cybersecurity firm Mandiant reportedly had prior knowledge of these breaches, having informed Ivanti that the vulnerabilities had been exploited to target both European and U.S. military contractors. This incident sheds light on the broader implications of company acquisitions and subsequent layoffs, which have been linked to a decline in the security standards of Ivanti's technologies, particularly after its acquisition by Clearlake Capital Group in 2017. Reports indicate that significant cuts, especially in 2022, resulted in the loss of key personnel who possessed valuable expertise regarding the company's security protocols. This situation mirrors challenges faced by competitors like Citrix, which also experienced major layoffs after a 2022 acquisition, leading to similar cybersecurity issues. Since the initial breach, Ivanti's VPN products have been implicated in at least two other major cybersecurity incidents. Most recently, in early 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) mandated that all federal agencies disconnected their Ivanti VPN devices within a 48-hour window due to ongoing exploitation of undisclosed vulnerabilities. Additionally, Ivanti had issued warnings to its clients about another serious flaw in its Connect Secure product that hackers were actively exploiting to breach corporate networks.