Alleged Nation-state Hackers Breached MITRE Corporation. Loot Undisclosed
The MITRE Corporation, a non-profit organization that manages federally funded research grants, was the victim of a group of alleged nation-state hackers. They breached the organization using two zero-day vulnerabilities in Ivanti's products.
Per the report, the attackers penetrated MITRE's systems by exploiting one of its VPNs. The firewall facilitated the intrusion by exposing the Ivanti Connect Secure vulnerabilities.
Exploited Vulnerabilities
The hackers exploited CVE-2023-46805 and CVE-2024-21887. These were among the most prominent Ivanti defects: at least ten customers suffered cyberattacks because of them.
MITRE's Chief Technology Officer, Charles Clancy, attributed the compromise of the organization's unclassified collaborative research and development network to a nation-state adversary, among other factors, without naming the threat actor.
The CTO said the network is a fat target because it hosts prototypes and operations supported by various government agencies. He also affirmed that the breach did not affect MITRE's core enterprise network or its other systems.
Clancy then walked through the timeline of the attack. The hackers gained access to the Ivanti Connect Secure server on the perimeter and, using the zero-day vulnerabilities, went on to compromise MITRE's virtual machines unabated.
MITRE Attackers Used Backdoor
MITRE determined that the hackers exploited the Ivanti bugs to move laterally, obtaining a privileged administrator account and deploying highly stealthy backdoors and webshells to evade detection and gather more actionable information.
Although the intrusion appeared to have been addressed with government assistance and Ivanti's guidance, the organization reported that its steps had not yet proven effective.
The institution's determination to identify the attack led to its disclosure of the breach. MITRE is an authority highly respected by cyber experts worldwide, and the incident underlines that even the most cyber-mature organizations are vulnerable to aggressive, sophisticated threat actors.
Additionally, the update underscored MITRE's role as a focal point in such recurring events, providing avenues for better understanding the attack details and ultimately sharing its experience to inform recommendations.
Exploitation of Ivanti Bugs in VMware vCenter
A Google security blog post, cited in the update, describes cases in which attackers exploited the Ivanti bugs, among others, to break into a VMware vCenter server.
When MITRE referenced this blog post, there was no evidence of an incident matching its own.
The sponsor or source of the exploit was not immediately clear, but the security company named the threat actor as a Chinese state-level actor.
Ivanti products are among hackers' preferred targets, as evidenced by the number of attacks on various states and organizations, including the United States Cybersecurity and Infrastructure Security Agency (CISA).