Ivanti Faces Allegations of Cyberattacks Exploiting VPN Vulnerabilities

According to the Economic Desk of Webangah News Agency, in February 2021, software company Ivanti discovered that Chinese hackers had infiltrated the network of Pulse Secure, one of its subsidiaries that provides VPN equipment to dozens of companies and government agencies worldwide.

The attackers reportedly exploited past vulnerabilities in Pulse Secure VPN software to install a “backdoor” into systems. This covert access allegedly allowed them to gain entry into 119 other organizations utilizing the same product.

Cybersecurity firm Mandiant was aware of these intrusions and had reportedly warned Ivanti that hackers were using these bugs to infiltrate U.S. and European military contractors.

Following Ivanti’s acquisition by investment firm Clearlake Capital Group in 2017, the company underwent several rounds of layoffs, particularly in 2022. These workforce reductions reportedly included employees with specialized knowledge of its products and their security.

Carrie Lady, a spokesperson for Ivanti, refuted the Bloomberg report, stating that a backdoor was never installed by hackers in the “Connect Secure” product.

These findings echo previous reports concerning rival company Citrix, which also experienced significant layoffs after its acquisition in 2022 by investment management firms Elliott and Vista Equity Partners, and has been involved in numerous security incidents in recent years.

Early in 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reportedly directed federal agencies to temporarily disconnect Ivanti VPN equipment from their networks due to active exploitation of unknown vulnerabilities by attackers, according to TechCrunch.