Organizations part of the Cybersecurity and Infrastructure Security Agency's Chemical Facility Anti-Terrorism Standards program have been informed regarding a potential data compromise stemming from the breach of the agency's Chemical Security Assessment Tool in January, reports SecurityWeek.
Threat actors who infiltrated the CSAT tool through the exploitation of an Ivanti Connect Secure zero-day bug may have accessed chemical facility names and addresses, as well as information on facilities' cyber and physical security capabilities, chemicals of interest, COI use and security measures, and vulnerability remediation reports, according to CISA. Also potentially accessed in the intrusion are personally identifiable information of individuals from CFATS member organizations who sought Personnel Surety Program vetting from December 2015 to July 2023, which includes names, birthdates, citizenship, passport numbers, and other information. However, CISA emphasized that none of its systems beyond the Ivanti device or CSAT environment have been impacted. "All information in CSAT was encrypted using AES 256 encryption and information from each application had additional security controls limiting the likelihood of lateral access," said CISA.
