"VMware Abused in Recent MITRE Hack for Persistence, Evasion"

MITRE found that state-sponsored hackers exploited zero-day vulnerabilities in an Ivanti product to access its Networked Experimentation, Research, and Virtualization Environment (NERVE), a collaborative network for research, development, and prototyping. On January 10, Volexity revealed that Chinese hackers had compromised Ivanti Virtual Private Network (VPN) devices using the vulnerabilities. MITRE detected signs of exploitation in April, but its investigation showed that a Chinese cyber espionage group tracked by Mandiant as "UNC5221" had exploited the Ivanti zero-days to gain initial access to its NERVE environment in late December 2023. The threat actor launched a VMware vCenter backdoor named "BrickStorm" and a web shell named "BeeFlush." This article continues to discuss the abuse of VMware in a recent MITRE hack.

SecurityWeek reports "VMware Abused in Recent MITRE Hack for Persistence, Evasion"

Submitted by grigby1
