CISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gang
Check Point said hackers broke into dozens of organizations by exploiting a VPN bug in several of its products used across the government.
A ransomware group is actively exploiting an unpatched flaw in security tools used across the U.S. federal government, prompting the U.S. cybersecurity agency CISA to order all civilian agencies to remediate the vulnerability by end of day Wednesday.
Cybersecurity firm Check Point Software said the bug affects several of its remote access tools, firewalls, and VPNs, which act as digital gatekeepers to protect company networks from unauthorized access.
The company said in a separate blog post that it had confirmed the bug was being exploited by a known ransomware group called Qilin to hack into “a few dozen targeted organizations globally” that rely on the affected security tools.
The hacks began on May 7 but activity began to rise last week, per Check Point.
Given the risk to the federal government’s enterprise network, CISA on Monday ordered all civilian federal agencies — such as Homeland Security, the Department of State, and the Treasury — to fix any instances where agencies are using the affected products by end of day June 11. The agency cited BOD 22-01, its operational guidance memo that allows it to instruct agencies to take security action when there is an active cyber threat to government networks.
📌 Source
This summary was automatically compiled from TechCrunch. See the original article for the full text.