The US Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a breach in its Chemical Security Assessment Tool (CSAT), stemming from a zero-day vulnerability in Ivanti Connect Secure. The incident occurred between January 23 and 26, 2024, prompting CISA to immediately isolate and investigate the compromised system. While there is no evidence of data exfiltration, CISA has alerted individuals whose personally identifiable information (PII) may have been accessed, particularly those involved in the Chemical Facility Anti-Terrorism Standards (CFATS) program.
CSAT is integral to CFATS, which regulates security measures at high-risk chemical facilities handling hazardous materials. PII potentially compromised includes information submitted for vetting and access authorization, such as names, birthplaces, citizenship details, and business contact information. Despite data encryption and additional security measures in place, CISA recommends affected users reset their CSAT passwords to mitigate any potential risks of unauthorized access or future attacks.
Following the breach, CISA promptly shut down the affected Ivanti Connect Secure appliance and initiated a forensic investigation. The agency’s technical experts identified the installation of a malicious webshell on the device, capable of executing commands and potentially accessing sensitive data. While the investigation found no evidence of credentials being stolen, CISA continues to monitor the situation and urges vigilance among CSAT users in safeguarding their accounts against potential threats.