On April 20, 2021, it was reported that suspected Chinese-state backed hacker groups had breached multiple government agencies, defense companies and financial institutions in both the US and Europe after the hackers created and used a Zero-day exploit for Ivanti Pulse Connect Secure VPN devices.
[1][2][3] A Cybersecurity and Infrastructure Security Agency alert reported that the attacks using the exploited started in June 2020 or earlier.
[7] Mandiant's chief financial officer Charles Carmakal said that while the hack had only a small indication of having a large number of victims.
He said the breach was significant because it had allowed unauthorized access to federal and corporate systems for months.
[10] The CISA issued an emergency directive requiring that federal agencies install product updates.