For the last several weeks, the Cybersecurity and Infrastructure Security Agency has been working to determine the extent of the problem and help agencies secure their systems, including asking them to run an “integrity tool” to check for possible compromise.
“CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorized access,” Deputy Executive Assistant Director of Cybersecurity Matt Hartman said in a statement.
“We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly,” he added.
CNN reported last week that CISA had identified 24 federal civilian agencies that use Pulse Connect Secure devices, but it was not yet known whether the agencies were compromised.
The discovery of potential breaches comes a little over a week after CISA issued a rare “emergency directive” ordering all federal civilian agencies to determine how many instances of the product they have, run the “integrity tool,” install updates and submit a report to CISA. Emergency directives are used when there is a high potential for compromise of agency systems.
Since March 31, CISA has been assisting multiple entities whose vulnerable Pulse Connect Secure products have been exploited by a cyber threat actor, according to a CISA spokesperson.
The US government has yet to determine responsibility for the hack.
They also don’t appear to have the same “indiscriminate targeting” as the Microsoft Exchange Server campaign, where “various adversaries” compromised thousands of servers, he said.