At least five US Government agencies have been breached in the latest attack aimed at the government, an official at the Cybersecurity and Infrastructure Security Agency says.
“CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorised access,” deputy executive assistant director of Cybersecurity, Matt Hartman, said in a statement sent to CNN.
“We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly.”
CISA warned government agencies to guard against vulnerabilities in Pulse Connect Secure products, which had been exploited since 31 March.
CISA said it had assisted multiple agencies that had been hit by attackers using any of the four flaws disclosed in the products.
“The threat actor is using this access to place webshells on the Pulse Connect Secure appliance for further access and persistence,” the advisory said.
“The known webshells allow for a variety of functions, including authentication bypass, multi-factor authentication bypass, password logging, and persistence through patching.”
On 21 April, security vendor FireEye had warned about the same vulnerabilities after they were disclosed by the vendor,…