“CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorized access. We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly,” said Matt Hartman, the agency’s deputy executive assistant director.
Hartman did not disclose which agencies are under investigation, but since March 31, CISA has been helping various entities that have used compromised Pulse Connect Secure products.
The agency issued on April 20 an activity alert and emergency directive for four Pulse Connect Secure vulnerabilities, and has updated the activity alert to add new information on Transport Layer Security fingerprinting, a method that can be used for malicious activity identification. All federal civilian agencies are required by the emergency directive to check which Pulse Connect Secure appliances are currently used and to evaluate if the product had been compromised.