Update
On 20 April 2021, CISA released an alert on ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities. U.S. Government agencies, critical infrastructure entities, and private sector organisations have been impacted. For further details on the vulnerabilities and impacted versions please refer the Pulse Security Advisory.
The Pulse VPN vulnerabilities were initially disclosed in April 2019 and have been previously exploited in Australian networks.
Mitigation
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends that in addition to patching, organisations should refer to mitigations provided within the CISA alert, Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, and take the additional step to run the Pulse Connect Secure Integrity Tool. The integrity tool checks the file system and finds any additional/modified file(s).
Assistance
The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD’s ACSC via 1300 CYBER1.