In February 2021, Ivanti, a software giant, discovered that Chinese hackers had infiltrated the network of Pulse Secure, one of its subsidiaries providing VPN appliances to numerous companies and government agencies globally, as reported by Bloomberg.
The hackers took advantage of a secret backdoor they had installed in Pulse Secure’s VPN software, allowing them to access 119 other unnamed organizations using the same VPN product, according to Bloomberg, citing Ivanti’s chief security officer at the time and other sources.
Mandiant was reportedly aware of the breaches and had alerted Ivanti about hackers exploiting the bug to breach European and U.S. military contractors.
This previously unreported breach highlights how acquisitions, layoffs, and cost-cutting by private equity firms compromised the quality and security of Ivanti’s critical technologies. Bloomberg reported that after private investment giant Clearlake Capital Group acquired Ivanti in 2017, cuts, especially in 2022, affected employees with deep institutional knowledge of the company’s products and their security.
Neither Ivanti nor Mandiant responded to a request for comment.
Bloomberg’s findings mirror earlier reports on Citrix, a rival provider of remote access tools, which experienced large-scale layoffs following a 2022 deal by Elliott Investment Management and Vista Equity Partners. Like Ivanti, Citrix has recently faced cybersecurity incidents and critical flaws.
Ivanti’s VPN products have been involved in at least two other major attacks since then.
In early 2024, the U.S. cybersecurity agency CISA ordered all federal agencies to disconnect their Ivanti VPN appliances within two days because hackers were actively exploiting previously unknown vulnerabilities. Ivanti also warned customers last year of another critical flaw in its Connect Secure product exploited by hackers to access corporate networks.
