Chinese Hackers Exploit Ivanti VPN Flaws to Breach Dozens of Customers

Got story updates? Submit your updates here. ›

According to a new report by Bloomberg, Chinese hackers breached the network of Ivanti subsidiary Pulse Secure in 2021, exploiting a secret backdoor in the company's VPN software to gain access to 119 other organizations that used the same VPN product. The breach highlights how cost-cutting measures and layoffs at Ivanti following its acquisition by private equity firm Clearlake Capital Group in 2017 compromised the security of the company's critical technologies.

Why it matters

The Ivanti breach is the latest example of how private equity-driven consolidation and cost-cutting in the tech industry can undermine cybersecurity, as institutional knowledge and security expertise are lost. It also raises broader concerns about the security of remote access tools and VPNs, which have become critical infrastructure for many organizations during the pandemic.

The details

According to the report, the Chinese hackers exploited a backdoor they had planted in Pulse Secure's VPN software to gain access to Ivanti's network in 2021. From there, they were able to breach 119 other unnamed organizations that were using the same VPN product. Cybersecurity firm Mandiant also reportedly alerted Ivanti that the hackers had breached European and U.S. military contractors using the vulnerable VPN.

• In February 2021, Ivanti discovered the breach of its Pulse Secure subsidiary.
• In early 2024, the U.S. cybersecurity agency CISA ordered federal agencies to disconnect their Ivanti VPN appliances within two days due to active exploitation of vulnerabilities.

What’s next

Ivanti and Mandiant did not respond to requests for comment, and it is unclear what steps the companies or affected organizations have taken to address the breach and secure their systems.