MITRE says state hackers breached its network via Ivanti zero-days

The MITRE Corporation says that a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.
The incident was discovered after suspicious activity was detected on MITRE's Networked Experimentation, Research, and Virtualization Environment, an unclassified collaborative network used for research and development.
Evidence collected during the investigation so far shows that this breach did not affect the organization's core enterprise network or its partners' systems.
MITRE CTO Charles Clancy and Cybersecurity Engineer Lex Crumpton also explained in a separate advisory that the threat actors compromised one of MITRE's Virtual Private Networks by chaining two Ivanti Connect Secure zero-days.
Throughout the incident, the hackers used a combination of sophisticated webshells and backdoors to maintain access to hacked systems and harvest credentials.
Volexity said the Chinese hackers backdoored over 2,100 Ivanti appliances, harvesting and stealing account and session data from breached networks.