Who: The MITRE Corporation, a non-profit organization, was targeted in a nation-state cyberattack exploiting two zero-day flaws in Ivanti Connect Secure appliances.
What: The intrusion compromised MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and prototyping network. Threat actors exploited CVE-2023-46805 and CVE-2024-21887 to bypass authentication and execute arbitrary commands on the system. They then moved laterally to breach MITRE's VMware infrastructure, deploying backdoors and web shells for persistence and credential harvesting.
Impact: While MITRE's core enterprise network and partner systems remained unaffected, the breach highlighted the vulnerability of even highly secure organizations. MITRE has taken steps to contain the incident, conduct response and recovery efforts, and perform forensic analysis. The attack has been attributed to a nation-state cluster, UTA0178, likely linked to China, with other China-related hacking groups subsequently joining the exploitation. MITRE disclosed the incident to advocate for enhanced cybersecurity practices across the industry.