In February 2021, software program big Ivanti found that Chinese language hackers had breached the community of Pulse Safe, one in every of its subsidiaries that supplied VPN home equipment to dozens of corporations and authorities companies all over the world, according to new reporting by Bloomberg.
The hackers exploited a secret backdoor that they had planted in Pulse Safe’s VPN software program, Bloomberg reported, citing Ivanti’s chief safety officer on the time and different sources. The backdoor allowed the hackers to achieve entry to 119 different unnamed organizations that used the corporate’s similar VPN product.
Mandiant was reportedly conscious of the breaches as properly, alerting Ivanti that hackers had exploited the bug to breach European and U.S. navy contractors.
The beforehand unreported breach is the most recent instance of how acquisitions, layoffs, and cost-cutting pushed by non-public fairness companies helped to compromise the standard and safety of Ivanti’s most crucial applied sciences. After non-public funding big Clearlake Capital Group acquired Ivanti in 2017, Bloomberg reported rounds of cuts — notably in 2022 — affecting workers who had deep institutional data of the corporate’s merchandise and their safety.
Ivanti and Mandiant didn’t reply to a request for remark.
Bloomberg’s findings echo earlier reporting into rival supplier of distant entry instruments, Citrix, which had massive scale layoffs following a 2022 deal by Elliott Funding Administration and Vista Fairness Companions to purchase the corporate. Like Ivanti, Citrix has been mired by cybersecurity incidents and important flaws in recent times.
Ivanti’s VPN merchandise have been the reason for at the least two different main assaults since.
Techcrunch occasion
Boston, MA
|
June 9, 2026
In early 2024, U.S. cybersecurity company CISA ordered all federal companies to disconnect their Ivanti VPN home equipment inside two days as a result of hackers had been actively exploiting vulnerabilities that had been unknown to Ivanti on the time. Ivanti additionally warned clients final yr that hackers had been exploiting one other essential flaw in its Join Safe product to hack company clients.
