CISA detected potentially malicious activity on January 26, involving an advanced webshell installed on an Ivanti device. The breach did not result in data exfiltration beyond the Ivanti device, nor did it allow adversarial access to other CSAT environment components. Despite no evidence of stolen data, CISA notified affected individuals and facilities as a precaution.
Exposed data potentially included Top-Screen surveys, security vulnerability assessments, and encrypted site security plans. Personal details of staff, such as passport numbers and TWIC card numbers, might also have been at risk. CISA advised CSAT account holders to change their passwords and apply identity protection services if vetted under the Personnel Surety Program between December 2015 and July 2023.
This breach highlights the critical importance of timely patching and robust cybersecurity measures for high-risk facilities.
Source: The Register
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try yourself using check.website.