VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report

In February 2021, software giant Ivanti [https://techcrunch.com/tag/ivanti/] discovered that Chinese hackers had breached the network of Pulse Secure, one of its subsidiaries. Pulse Secure provided VPN appliances to dozens of companies and government agencies worldwide, as reported by Bloomberg [https://www.bloomberg.com/news/features/2026-02-19/vpn-used-by-us-government-failed-to-stop-china-state-sponsored-hackers]. The hackers took advantage of existing vulnerabilities in Pulse Secure’s VPN software to plant a backdoor. This allowed them access to 119 additional organizations using the same VPN product. Mandiant also detected these breaches and informed Ivanti that hackers had exploited the vulnerability to infiltrate both European and U.S. military contractors.

Impact of Acquisitions and Cost-Cutting on Security

This previously unreported breach demonstrates how acquisitions, layoffs, and cost-cutting by private equity have undermined the quality and security of Ivanti’s core technologies. After Clearlake Capital Group acquired Ivanti in 2017, Bloomberg noted several rounds of staff reductions, particularly in 2022. Many of those affected possessed deep institutional knowledge about the products and their security frameworks. Although Ivanti’s spokesperson, Carrie Laudie, rejected Bloomberg’s claims and insisted there was “never a backdoor planted by hackers in Connect Secure,” concerns linger. Mandiant did not comment on the findings.

Broader Industry Trends and Continuing Risks

Bloomberg’s findings mirror previous investigations into Citrix, another prominent remote access tools provider, which experienced large-scale layoffs [http://techcrunch.com/2023/01/11/company-created-by-citrix-tibco-merger-confirms-it-has-laid-off-15-of-staff/#!]. This followed a 2022 deal [https://techcrunch.com/2022/01/31/citrix-to-be-acquired-by-vista-and-evergreen-elliott-in-a-16-5b-all-cash-deal-will-be-merged-with-tibco-to-create-saas-powerhouse/] where Elliott Investment Management and Vista Equity Partners acquired Citrix. Consequently, Citrix, like Ivanti, faced cybersecurity incidents [https://techcrunch.com/2023/11/14/citrix-bleed-critical-bug-ransomware-mass-cyberattacks/] and critical flaws [https://techcrunch.com/2025/07/11/cisa-confirms-hackers-are-actively-exploiting-critical-citrix-bleed-2-bug/].

Ivanti’s VPN products have been linked to at least two other significant attacks since the 2021 breach. For example, in early 2024, the U.S. cybersecurity agency CISA ordered all federal agencies to disconnect [https://techcrunch.com/2024/02/01/cisa-federal-agencies-disconnect-ivanti-vpn/] their Ivanti VPN appliances within two days. This was due to active exploitation of previously unknown vulnerabilities. Ivanti also warned customers [https://techcrunch.com/2025/01/09/hackers-are-exploiting-a-new-ivanti-vpn-security-bug-to-hack-into-company-networks/] last year about hackers exploiting another critical flaw in its Connect Secure product to target corporate customers. This sequence of events highlights persistent cybersecurity risks affecting major technology providers.

Tags: VPN, cybersecurity, cyberattacks, Ivanti, software vulnerabilities, Chinese hackers