CISA orders US federal agencies to fix VPN bug under active ransomware attack

A ransomware group is actively exploiting an unpatched flaw in security tools used across the U.S. federal government, prompting the U.S. cybersecurity agency CISA to order all civilian agencies to remediate the vulnerability by end of day Wednesday.

Cybersecurity firm Check Point Software said the bug affects several of its remote access tools, firewalls, and VPNs , which act as digital gatekeepers to protect company networks from unauthorized access. The company said in a separate blog post that it had confirmed the bug was being exploited by a known ransomware group called Qilin to hack into “a few dozen targeted organizations globally” that rely on the affected security tools. The hacks began on May 7 but activity began to rise last week, per Check Point.

Given the risk to the federal government’s enterprise network, CISA on Monday ordered all civilian federal agencies — such as Homeland Security, the Department of State, and the Treasury — to fix any instances where agencies are using the affected products by end of day June 11. The agency cited BOD 22-01 , its operational guidance memo that allows it to instruct agencies to take security action when there is an active cyber threat to government networks. Why this matters: The directive from CISA highlights the growing concern over unpatched vulnerabilities in widely used security tools.

This incident demonstrates how ransomware groups can quickly capitalize on known flaws to gain unauthorized access to sensitive networks. For developers and businesses, this serves as a reminder to prioritize timely patching and vulnerability management. The impact on the broader industry could be significant, as a single unpatched vulnerability can have far-reaching consequences.

As the threat landscape continues to evolve, questions remain about the effectiveness of current patch management practices and the need for more proactive measures to prevent such attacks. The effectiveness of CISA's guidance and the response from federal agencies will be closely watched, with implications for future cybersecurity policy and practice.