MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

The MITRE Corporation reported a cyber attack that began in January 2024, involving a nation-state actor exploiting two zero-day vulnerabilities in Ivanti Connect Secure appliances. The attack compromised MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE), which is an unclassified network used for research and prototyping.

The attackers used these vulnerabilities to bypass multi-factor authentication and execute arbitrary commands. They gained initial access, moved laterally within the network, and compromised the VMware infrastructure using an administrator account. This allowed them to deploy backdoors and web shells for ongoing access and data extraction.

Despite the severity of the breach, there’s no evidence that MITRE’s main enterprise network or its partners’ systems were affected. MITRE has since contained the incident and conducted a thorough investigation and recovery process. The exploitation of the vulnerabilities was first linked to a group named UTA0178, believed to be associated with China. Following this, other groups connected to China also began exploiting these vulnerabilities, according to cybersecurity firm Mandiant.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

Recent News

Featured Services

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.