CISA Warns Ivanti VPN Users of Detection Gaps After Finding Factory Resets Don't Remove Hackers
- CISA found that factory resets do not remove attacker persistence on compromised Ivanti VPN appliances. Attackers can evade detection tools.
- A CISA investigation revealed that web shells were not detected and that attackers covered their tracks. Previous detection tools created a false sense of security.
- CISA confirms in lab testing that more than Ivanti's tools are required to adequately detect compromise on the appliances.
- CISA provides federal agencies with guidance on detecting signs of compromise and responding, including assuming that credentials are compromised.
- CISA warns Ivanti customers to consider the significant risk of continuing to use previously compromised devices, even after resets.