In February 2021, the software behemoth Ivanti uncovered that hackers from China had infiltrated the network of Pulse Secure, one of its subsidiaries providing VPN devices to numerous businesses and government entities globally, as per new insights from Bloomberg.

The attackers took advantage of a covert backdoor embedded in Pulse Secure’s VPN software, Bloomberg stated, referencing Ivanti’s chief security officer at the time along with other sources. This backdoor facilitated the hackers’ access to 119 other unnamed entities that utilized the same VPN offering from the company.

Mandiant was reportedly cognizant of the breaches as well, notifying Ivanti that hackers had exploited the vulnerability to breach defense contractors in Europe and the United States. 

The previously unreported intrusion highlights how acquisitions, workforce reductions, and cost-cutting measures initiated by private equity firms compromised the integrity and security of Ivanti’s essential technologies. After the private equity firm Clearlake Capital Group purchased Ivanti in 2017, Bloomberg reported subsequent rounds of layoffs — particularly in 2022 — impacting employees with extensive knowledge of the company’s products and their security.

Ivanti and Mandiant did not reply to a request for comment. 

The findings from Bloomberg resonate with prior reports regarding competing provider of remote access solutions, Citrix, which faced significant layoffs after a 2022 acquisition by Elliott Investment Management and Vista Equity Partners. Similar to Ivanti, Citrix has encountered various cybersecurity issues and critical vulnerabilities in recent times. 

Since then, Ivanti’s VPN solutions have been implicated in at least two other notable attacks.

In early 2024, the U.S. cybersecurity agency CISA mandated all federal institutions to disconnect their Ivanti VPN devices within two days because hackers were actively exploiting vulnerabilities that Ivanti was unaware of at the time. Ivanti also cautioned customers last year that hackers were leveraging another significant flaw in its Connect Secure product to breach corporate clients.