China-linked Hackers use Pulse Connect Secure VPN Flaw to Target Federal Agencies

The News: It was reported last week that at least two groups of hackers linked to China have spent months taking advantage of a flaw in Ivanti’s Pulse Connect Secure VPN suite to break into what was defined as a ‘very limited number’ of customers’ systems — but which included at least five federal civilian agencies and financial institutions in the U.S. and beyond. Hackers were able to break into the devices as they were being used. More from Reuters.

Analyst Take: Hackers suspected to be linked to China have exploited vulnerabilities in Ivanti’s Pulse Connect Secure VPN products targeting multiple government agencies, defense companies, and financial institutions in the U.S. and Europe. Cybersecurity company FireEye, (who also discovered and reported the recent SolarWinds hack) reported tracking 12 malware families associated with the exploitation of Pulse Connect VPN devices. All of this malware was related to circumvention and backdoor access and circumvention to the VPN devices.

China-linked Hackers use Pulse Connect Secure VPN Flaw to Target US Defense Industry Researchers

FireEye’s Mandiant reported on April 20th that they believe multiple threat actors are involved in the attack, and that these intrusions targeted government, defense, and financial institutions globally. Each instance of hacker activity was ultimately traced back to the Pulse Connect VPN devices. It’s probably also important to note here that Pulse Connect’s parent, Ivanti, has contracts with the Nuclear Regulatory Commission, the Pentagon, the Bureau of Fiscal Service, and the Coast Guard.

Check Vulnerability and Patch Your Pulse Connect Secure VPN Devices

In acknowledging this attack, CISA issued an advisory on April 20, 2021, advising that Ivanti has developed a checker tool or an ‘Integrity Tool’ that can be used by any agency using the Pulse Connect products to check their vulnerability and strongly encourages all Pulse Secure customers to use the took to check for malicious activity.

While the initial press around this hack has worked to minimize damage, CISA has identified 24 federal civilian agencies that use Ivanti’s Pulse Secure Connect VPN devices and issued a directive last week that every agency using these devices figure out how many VPN devices they have and also that they run Ivanti’s ‘integrity tool’ to determine whether or not they are at risk, and report back to the agency.

It was announced today that Ivanti has released a security update for the Pulse Connect Secure, addressing a new authentication bypass.

Ivanti urges customers using Pulse Connect Secure 9.0RX and 9.1RX to immediately upgrade to Pulse Connect Secure 9.1R11.4, which fixes the vulnerability.

For our Cybersecurity Shorts conversation on the Futurum Tech Webcast about the Pulse Connect Secure VPN Flaw, check it out here:

Or grab the audio from our podcast here:

Disclaimer: The Futurum Tech Webcast is for information and entertainment purposes only. Over the course of this podcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we do not ask that you treat us as such.

Other insights from Futurum Research:

Cybersecurity Shorts — China-Linked VPN Hack, Bipartisan Cybersecurity Efforts, New Study From HP On Nation-State Cyber Incidents And More

SAP Cyberattack Currently Underway Exploits Known Security Vulnerabilities

Bipartisan Lawmakers Work Toward Disclosure Bill For Cybersecurity Breaches 

Author Information

Shelly Kramer is a Principal Analyst and Founding Partner at Futurum Research. A serial entrepreneur with a technology centric focus, she has worked alongside some of the world’s largest brands to embrace disruption and spur innovation, understand and address the realities of the connected customer, and help navigate the process of digital transformation. She brings 20 years' experience as a brand strategist to her work at Futurum, and has deep experience helping global companies with marketing challenges, GTM strategies, messaging development, and driving strategy and digital transformation for B2B brands across multiple verticals. Shelly's coverage areas include Collaboration/CX/SaaS, platforms, ESG, and Cybersecurity, as well as topics and trends related to the Future of Work, the transformation of the workplace and how people and technology are driving that transformation. A transplanted New Yorker, she has learned to love life in the Midwest, and has firsthand experience that some of the most innovative minds and most successful companies in the world also happen to live in “flyover country.”


Latest Insights:

On this episode of The Six Five – On The Road, hosts Daniel Newman and Patrick Moorhead welcome Intel’s Greg Lavender and Sandra Rivera for a conversation on Intel’s AI Portfolio during Intel Innovation in San Jose, California.
A Ride-Hailing Service Powered by 100% Renewable Energy
Clint Wheelock, Chief Research Officer at The Futurum Group, examines Waymo’s announcement that it has decided to focus its efforts and investment on Waymo One, its ride-hailing service.
From Digital Transformations To Periodic Software Reviews, Increased Visibility Can Help Reduce Costs and Improve Application Utilization
Keith Kirkpatrick, Research Director at The Futurum Group, covers WalkMe’s Digital Adoption Platform and discusses why the tool is useful for organizations that are expanding or consolidating their software tech stacks.
Are Consulting Firms Best Positioned To Lead Enterprise AI Transformation?
Mark Beccue, Research Director at The Futurum Group, examines the EY and BCG announcements about major AI initiatives and how these offerings will affect the market.