MITRE says state hackers breached its network via Ivanti zero-days
The MITRE Corporation says that a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.
The incident was discovered after suspicious activity was detected on MITRE's Networked Experimentation, Research, and Virtualization Environment, an unclassified collaborative network used for research and development.
Evidence collected during the investigation so far shows that this breach did not affect the organization's core enterprise network or its partners' systems.
MITRE CTO Charles Clancy and Cybersecurity Engineer Lex Crumpton also explained in a separate advisory that the threat actors compromised one of MITRE's Virtual Private Networks by chaining two Ivanti Connect Secure zero-days.
Throughout the incident, the hackers used a combination of sophisticated webshells and backdoors to maintain access to hacked systems and harvest credentials.
Volexity said the Chinese hackers backdoored over 2,100 Ivanti appliances, harvesting and stealing account and session data from breached networks.