In early 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) mandated that all federal agencies disconnect their Ivanti VPN appliances within 48 hours due to active exploitation of vulnerabilities. This action followed revelations about a significant breach involving Pulse Secure, a subsidiary of Ivanti, which was compromised by Chinese hackers exploiting a backdoor in its VPN software. The incident allowed unauthorized access to 119 unnamed organizations utilizing the same product.
Reports indicate that Mandiant was aware of the breaches, having notified Ivanti about the exploitation affecting military contractors in Europe and the U.S. The incident highlights concerns regarding the impact of private equity ownership, as Clearlake Capital Group acquired Ivanti in 2017, leading to layoffs that diminished the company's institutional knowledge and security measures.
Ivanti's VPN products have faced scrutiny following at least two other significant cyberattacks. The company did not provide comments regarding the breaches or the recent findings reported by Bloomberg, which also noted similar issues faced by competitor Citrix after its acquisition by Elliott Investment Management and Vista Equity Partners.