Cyberattack Hits CISA’s Chemical Security Assessment Tool

The Cybersecurity and Infrastructure Security Agency confirmed that malicious actors targeted its Chemical Security Assessment Tool in a cyberattack in January.

The agency uses the CSAT online portal to determine whether a facility is considered high-risk under the Chemical Facility Anti-Terrorism Standards. Among the information uploaded on the platform are vulnerability assessments, site security plans, user accounts and the chemicals the registered sites possess.

According to CISA, the hackers exploited its Ivanti virtual private network products using an advanced webshell to access the online tool, Nextgov/FCW reported.

“This type of webshell can be used to execute malicious commands or write files to the underlying system,” the agency said, adding that a malicious actor accessed the webshell several times over two days.

CISA’s analysis found no evidence that the hackers stole data from CSAT, which was taken down immediately after the cyberattack was detected.

The cyber incident was first reported in March.