U.S. cyber watchdog issues emergency directive to federal agencies about remote work software

Kevin Collier

January 19, 2024 at 8:30 PM·3 min read

The top U.S. cyber watchdog agency issued an emergency directive Friday, mandating that all federal agencies protect themselves against a dangerous vulnerability in a popular software program. The watchdog said it is conducting investigations into whether China had used the program to spy on the agencies.

The program used by the agencies is called Ivanti Connect Secure, which allows employees to remotely connect to work. A devastating vulnerability in the program, first discovered in December by the cybersecurity company Volexity, can grant hackers significant access to the businesses or government agencies that use it and allows for the creation of additional back doors to return later.

As news of the vulnerability has become widespread, at least 1,700 known organizations around the world have been hacked with it, Volexity has found.

In a press call with reporters late Friday afternoon, Eric Goldstein, the executive assistant director at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said that hackers have learned about the vulnerability and increasingly have tried to hack companies and government agencies that use Connect Secure.

“We have observed additional targeting of federal agencies as part of the broader opportunity campaign at this point. Each of those instances are under investigation by CISA and the relevant agency,” Goldstein said.

Someone tried to use the Ivanti flaw to try to hack some federal agencies, Goldstein said, though it wasn’t yet clear if any had been successful. Around 15 agencies use the software, he said.

The hacking campaign echoes a strikingly similar one in 2021, when CISA announced that a vulnerability in an earlier version of the same program, at the time called Pulse Secure, had enabled hackers to gain access to multiple federal U.S. agencies. The cybersecurity company Mandiant, now owned by Google, said at the time that the hackers who had gained access to federal systems were members of a Chinese intelligence service conducting espionage.

A spokesperson for China’s embassy in Washington said in an email that "the Chinese government’s position on cyber security is consistent and clear. We have always firmly opposed and cracked down on all forms of cyber hacking in accordance with the law. The remarks by the U.S. side is completely distorting the truth."

deflected that claim at the time, and often disputes the frequent accusations of cyberespionage made by U.S. and other Western officials and Western cybersecurity companies. The embassy did not immediately reply to a request for comment about CISA’s investigation.

Goldstein stopped short of blaming China for the most recent attempts, but said that what his agency had seen “would be consistent with what we have seen from PRC actors,” using an acronym for the country’s official name, the People’s Republic of China.

“At this time, we do not have any evidence to suggest that PRC actors have used these vulnerabilities to exploit federal agencies. But of course, we are focused on that very issue and driving urgent mitigation to ensure that both our federal networks and critical infrastructure are taking the right steps in response,” he said.

This article was originally published on NBCNews.com

Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from
With free agency and the draft behind us, what 32 teams look like today will likely be what they look like Week 1 and beyond for the 2024 season. Matt Harmon and Scott Pianowski reveal the post-draft fantasy power rankings. The duo break down the rankings in six tiers: Elite offensive ecosystems, teams on the cusp of being complete mixed bag ecosystems, offensive ecosystems with something to prove, offenses that could go either way, and offenses that are best to stay away from in fantasy.
Yahoo Sports
Fantasy Baseball Waiver Wire: Jonny DeLuca leads intriguing pickups
Fantasy baseball analyst Andy Behrens offers up a fresh batch of midweek pickups to consider, led by a former Dodgers prospect.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Sports
Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing
The Cardinals' nightmare season continues.
Yahoo Finance
These 3 stocks are poised to benefit from the massive energy transition
The energy transition will benefit companies providing electrical needs for surging demand. Analysts point to these three stocks as a Buy.
Yahoo Sports
Bulls' Lonzo Ball picks up $21.4 million option for 2024-25 season amid knee concerns
Ball hasn't played since the 2021-22 season.
Yahoo Sports
Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers
Fantasy baseball analyst Fred Zinkie offers up his top buy low/high and sell low-high candidates for Week 6.
Yahoo Sports
2024 NFL Team Fantasy Football Power Rankings, 1.0
With NFL rosters pretty much set before training camp, Scott Pianowski reveals his first set of team fantasy power rankings for the 2024 season.
Yahoo Sports
Phil Mickelson on the majors: 'What if none of the LIV players played?'
Phil Mickelson hints that big changes could be coming to LIV Golf's rosters, and the majors will need to pay attention.
Yahoo Finance
Social Security just passed Medicare as the government's most pressing insolvency risk
An annual government report offered a glimmer of good news for Social Security and a jolt of good news for Medicare even as both programs continue to be on pace to run dry next decade.
Yahoo Sports
Indianapolis Star bars columnist Gregg Doyel from covering Caitlin Clark, Fever after inappropriate exchange
Doyel is also reportedly suspended for two weeks without pay.
Yahoo Sports
Nuggets star Jamal Murray takes ‘full responsibility’ for throwing heat pack, towel on court in Game 2 loss
Jamal Murray was fined $100,000 by the league this week for throwing things onto the court in his team's loss to the Timberwolves on Monday.
Yahoo Sports
The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024
Fantasy baseball analyst Dalton Del Don delivers his latest batch of hot takes as we enter Week 6 of the season.
Yahoo Sports
NFL Draft fashion: Caleb Williams, Malik Nabers dressed to impress, but Marvin Harrison Jr.'s medallion stole the show
Every player was dressed to impress at the 2024 NFL Draft.
Yahoo Sports
Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL
Kelly allegedly harassed a female strength and conditioning coach who sued him and the Toronto Argonauts in February.
Yahoo Finance
Fed’s Kashkari: Rates will stay high for 'extended period' and can't rule out a hike
Minneapolis Fed president Neel Kashkari said interest rates will likely stay at current levels for an "extended period" and didn't rule out a hike if inflation stalls near 3%.

News

Life

Entertainment

Finance

Sports

New on Yahoo

U.S. cyber watchdog issues emergency directive to federal agencies about remote work software

Recommended Stories

The FDIC change that leaves wealthy bank depositors with less protection

Former NBA guard Darius Morris dies at 33

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from

Fantasy Baseball Waiver Wire: Jonny DeLuca leads intriguing pickups

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing

These 3 stocks are poised to benefit from the massive energy transition

Bulls' Lonzo Ball picks up $21.4 million option for 2024-25 season amid knee concerns

Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers

2024 NFL Team Fantasy Football Power Rankings, 1.0

Phil Mickelson on the majors: 'What if none of the LIV players played?'

Social Security just passed Medicare as the government's most pressing insolvency risk

Indianapolis Star bars columnist Gregg Doyel from covering Caitlin Clark, Fever after inappropriate exchange

Nuggets star Jamal Murray takes ‘full responsibility’ for throwing heat pack, towel on court in Game 2 loss

The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024

NFL Draft fashion: Caleb Williams, Malik Nabers dressed to impress, but Marvin Harrison Jr.'s medallion stole the show

Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL

Fed’s Kashkari: Rates will stay high for 'extended period' and can't rule out a hike