"MITRE Reveals Ivanti Breach By Nation State Actor"

The MITRE Corporation recently became the latest high-profile victim of an Ivanti-related breach after a nation-state actor compromised its R&D network via two chained zero-day vulnerabilities. The non-profit said the last time it suffered a significant cyber-incident like this was 15 years ago. MITRE noted that on this occasion an unnamed state actor compromised MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified collaborative network that provides storage, computing, and networking resources. MITRE noted that there is no indication the actor breached MITRE’s core network or partner systems. According to MITRE, starting in January 2024, a threat actor performed reconnaissance of its networks, exploited one of its Virtual Private Networks (VPNs) through two Ivanti Connect Secure zero-day vulnerabilities, and skirted past its multi-factor authentication using session hijacking. From there, the actor moved laterally and dug deep into the network’s VMware infrastructure using a compromised administrator account, employing a combination of sophisticated backdoors and webshells to maintain persistence and harvest credentials. MITRE said the incident had been contained and the authorities informed, and that it is now working to restore “operational alternatives for collaboration” in an expedited and secure manner.

 

Infosecurity Magazine reports: "MITRE Reveals Ivanti Breach By Nation State Actor"

Submitted by Adam Ekwall on