Article

In early 2024, CISA issued an emergency order to disconnect Ivanti's Connect Secure VPN software after it was hacked by Chinese state-sponsored actors, compromising nearly two dozen organizations. The directive impacted numerous federal agencies and private sector clients, including major banks and defense departments.

Concerns over the software's security stemmed from private equity ownership leading to significant budget cuts and staffing reductions post-acquisition. Despite Ivanti's claims of investment in security, multiple hacks exposed vulnerabilities in the Connect Secure products over the years, prompting agencies to reconsider their use. By 2025, Ivanti's customer base had reportedly declined significantly, facing ongoing scrutiny regarding its cybersecurity efficacy.