Priya PatelTLDR:
- The MITRE Corporation was breached by nation-state hackers exploiting two zero-day flaws in Ivanti Connect Secure appliances in January 2024.
- The intrusion compromised MITRE’s NERVE network, leading to backdoors, web shells, and credential harvesting.
In April 2024, the MITRE Corporation disclosed that it had fallen victim to a cyber attack orchestrated by a nation-state entity. The attack exploited two zero-day vulnerabilities in Ivanti Connect Secure appliances, allowing the threat actors to compromise MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). The attackers used CVE-2023-46805 and CVE-2024-21887 to bypass authentication and gain access to the system. After infiltrating the network, they moved laterally to breach the VMware infrastructure, establishing backdoors and web shells for persistence and credential harvesting.
Although the breach impacted the NERVE network, MITRE assured stakeholders that its core enterprise network and partners’ systems were unaffected. Following the incident, the organization took immediate steps to contain the breach, conduct forensic analysis, and enhance its cybersecurity posture. The attack has been attributed to a cluster known as UTA0178, believed to be associated with a nation-state actor linked to China.
MITRE’s President and CEO, Jason Providakes, emphasized the importance of public disclosure and adherence to best practices in cybersecurity to mitigate the risks of such attacks. The incident serves as a stark reminder that no organization is immune to cyber threats, even those with robust security measures in place.
