MITRE says state hackers breached its network via Ivanti zero-days (Security News, April 2024)
The MITRE Corporation says that a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.
The incident was discovered after suspicious activity was detected on MITRE's Networked Experimentation, Research, and Virtualization Environment, an unclassified collaborative network used for research and development.
Evidence collected during the investigation so far shows that this breach did not affect the organization's core enterprise network or its partners' systems.
MITRE CTO Charles Clancy and Cybersecurity Engineer Lex Crumpton also explained in a separate advisory that the threat actors compromised one of MITRE's Virtual Private Networks by chaining two Ivanti Connect Secure zero-days.
Throughout the incident, the hackers used a combination of sophisticated webshells and backdoors to maintain access to hacked systems and harvest credentials.
Volexity said the Chinese hackers backdoored over 2,100 Ivanti appliances, harvesting and stealing account and session data from breached networks.