MITRE says state hackers breached its network via Ivanti zero-days
2024-04-19 19:02

The MITRE Corporation says that a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.

The incident was discovered after suspicious activity was detected on MITRE's Networked Experimentation, Research, and Virtualization Environment, an unclassified collaborative network used for research and development.

Evidence collected during the investigation so far shows that this breach did not affect the organization's core enterprise network or its partners' systems.

MITRE CTO Charles Clancy and Cybersecurity Engineer Lex Crumpton also explained in a separate advisory that the threat actors compromised one of MITRE's Virtual Private Networks by chaining two Ivanti Connect Secure zero-days.

Throughout the incident, the hackers used a combination of sophisticated webshells and backdoors to maintain access to hacked systems and harvest credentials.

Volexity said the Chinese hackers backdoored over 2,100 Ivanti appliances, harvesting and stealing account and session data from breached networks.
