The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to all chemical facilities operating in the United States regarding a potential data breach that may have exposed sensitive information to hackers. This includes details such as business names, place of birth, citizenship, redress system number, and global entry ID.
CISA’s alert follows a confirmed report that the Chemical Security Assessment Tool (CSAT) was compromised by a known threat actor through a vulnerability in the Ivanti Connect Secure Appliance earlier this year. This breach affects all participants of the Chemical Facility Anti-Terrorism Standards (CFATS), prompting immediate attention due to the potential exposure of sensitive data.
CFATS is a program that regulates cybersecurity measures in chemical facilities to mitigate risks associated with hazardous materials being used for malicious purposes. It mandates compliance to ensure operational security and continuity.
CISA’s investigation revealed that the breach on CFATS involved the deployment of an advanced webshell on the Ivanti device. Although the threat actor accessed the system over a two-day period, there is currently no evidence of misuse or sale of the compromised information, even six months after the incident.
As a precautionary measure, CISA recommends a password reset for all CSAT accounts to bolster defenses against potential brute force attacks and further unauthorized access.
