Security News > 2024 > June > Chemical facilities warned of possible data theft in CISA CSAT breach
CISA is warning that its Chemical Security Assessment Tool environment was breached in January after hackers deployed a webshell on its Ivanti device, potentially exposing sensitive security assessments and plans.
While CISA would not share details about the incident, The Record's sources said it was the Infrastructure Protection Gateway and Chemical Security Assessment Tool.
CISA has now confirmed that the CSAT Ivanti Connect Secure appliance was breached on January 23, 2024, allowing a threat actor to upload a web shell to the device.
CISA has not shared what vulnerabilities were exploited, instead referring to a CISA document on threat actors exploiting multiple vulnerabilities on Ivanti Connect Secure and Policy Secure Gateway devices.
While CISA says all of the data in the CSAT application is encrypted with AES 256 encryption and there is no evidence that CSAT data was stolen, they decided to notify companies and individuals in an abundance of caution.
"CISA is notifying all impacted participants in the CFATS program out of an abundance of caution that this information could have been inappropriately accessed," explains the CISA data breach notification.