Home > Security > Security News

Ivanti VPN Flaws Exploited by Chinese Hackers Impacting Almost 120 Organizations, Report Says

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Ivanti Vuln Exploitation
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • Historic Breach: Reports indicate Chinese state-sponsored actors exploited Ivanti's Pulse Secure VPN to infiltrate U.S. networks.
  • Widespread Impact: A vulnerability reportedly allowed unauthorized access to at least 119 organizations, including critical infrastructure and government contractors.
  • Prolonged Access: Cited sources said the attackers planted a backdoor leveraging preexisting vulnerabilities in Pulse Secure’s VPN as early as 2021.

Chinese hackers exploited critical Ivanti VPN flaws to compromise dozens of high-value targets in a sophisticated cyberespionage campaign. The breach, which reportedly began in February 2021, targeted Pulse Secure VPN appliances, a staple in enterprise and government network security. 

Scope of the Chinese Hackers Breach

While initially targeting a subsidiary, the Chinese hacker breach expanded to compromise at least 119 organizations, including U.S. and European military contractors, a Bloomberg report says.

Threat actors reportedly leveraged a zero-day vulnerability and used the backdoor to gain access to the unnamed organizations, the report said, citing sources, including Ivanti’s chief security officer at the time. Yet, an Ivanti spokesperson disputed this claim.

Mandiant, a leading threat intelligence firm, was reportedly aware of the exploitation vectors and alerted Ivanti. However, questions remain regarding the timeliness of remediation and the efficacy of the patches deployed during the active exploitation window. 

Cybersecurity in VPNs

Security professionals must prioritize patch management and consider the supply chain risks associated with vendor acquisitions.

In a rare move, on February 1, 2024, CISA mandated that all federal civilian executive branch agencies disconnect all Ivanti VPN appliances by the next day due to flaws active exploitation.

Reports last month revealed that two Ivanti zero-days were actively exploited in global cyberattacks targeting government organizations. The CVE-2025-22457 Ivanti Connect Secure VPN flaw was reported as under active exploitation by a suspected China-nexus threat actor in April 2025.

Add a Comment
Related
Hacker Silhouette
INC Ransom Claims Energy and Construction Sectors Breach: ACWA Power Saudi Arabia and Larsen & Toubro India Data Leaked 
Browser Data
APT28 Deploys Macro Malware in Browser-Based Exfiltration Operation Targeting Europe
Police - Hacker - Arrest - Handcuffs
Spain Detains Two Suspected Anonymous Members for DDoS Attacks: Hacktivist Cell Dismantled
Data breach carried out by anonymous malicious hackers
CarGurus Data Breach Exposes 12.5 Million User Records in Alleged ShinyHunters Compromise
data breach
Cornwall Council Data Breach Exposes Unredacted Complainant PIIs
Cyber Job Moves: Security Leadership Expands Across Enterprise and Cyber Vendors
Most Popular
Hacker Silhouette
INC Ransom Claims Energy and Construction Sectors Breach: ACWA Power Saudi Arabia and Larsen & Toubro India Data Leaked 
Browser Data
APT28 Deploys Macro Malware in Browser-Based Exfiltration Operation Targeting Europe
Police - Hacker - Arrest - Handcuffs
Spain Detains Two Suspected Anonymous Members for DDoS Attacks: Hacktivist Cell Dismantled
We Tested Windscribe Clear Wi-Fi History Feature on Desktop Apps for Privacy Control - Here is How it Works
We Tested Windscribe Clear Wi-Fi History Feature on Desktop Apps for Privacy Control - Here is How it Works
Data breach carried out by anonymous malicious hackers
CarGurus Data Breach Exposes 12.5 Million User Records in Alleged ShinyHunters Compromise
data breach
Cornwall Council Data Breach Exposes Unredacted Complainant PIIs
INC Ransom Claims Energy and Construction Sectors Breach: ACWA Power Saudi Arabia and Larsen & Toubro India Data Leaked 
APT28 Deploys Macro Malware in Browser-Based Exfiltration Operation Targeting Europe
Spain Detains Two Suspected Anonymous Members for DDoS Attacks: Hacktivist Cell Dismantled
We Tested Windscribe Clear Wi-Fi History Feature on Desktop Apps for Privacy Control - Here is How it Works
CarGurus Data Breach Exposes 12.5 Million User Records in Alleged ShinyHunters Compromise
Cornwall Council Data Breach Exposes Unredacted Complainant PIIs

Most Popular
Hacker Silhouette
INC Ransom Claims Energy and Construction Sectors Breach: ACWA Power Saudi Arabia and Larsen & Toubro India Data Leaked 
Browser Data
APT28 Deploys Macro Malware in Browser-Based Exfiltration Operation Targeting Europe
Police - Hacker - Arrest - Handcuffs
Spain Detains Two Suspected Anonymous Members for DDoS Attacks: Hacktivist Cell Dismantled
We Tested Windscribe Clear Wi-Fi History Feature on Desktop Apps for Privacy Control - Here is How it Works
We Tested Windscribe Clear Wi-Fi History Feature on Desktop Apps for Privacy Control - Here is How it Works
Data breach carried out by anonymous malicious hackers
CarGurus Data Breach Exposes 12.5 Million User Records in Alleged ShinyHunters Compromise
data breach
Cornwall Council Data Breach Exposes Unredacted Complainant PIIs
INC Ransom Claims Energy and Construction Sectors Breach: ACWA Power Saudi Arabia and Larsen & Toubro India Data Leaked 
APT28 Deploys Macro Malware in Browser-Based Exfiltration Operation Targeting Europe
Spain Detains Two Suspected Anonymous Members for DDoS Attacks: Hacktivist Cell Dismantled
We Tested Windscribe Clear Wi-Fi History Feature on Desktop Apps for Privacy Control - Here is How it Works
CarGurus Data Breach Exposes 12.5 Million User Records in Alleged ShinyHunters Compromise
Cornwall Council Data Breach Exposes Unredacted Complainant PIIs

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: