MITRE Hacked by Government Hackers: A Cybersecurity Breach Unveiled

The MITRE Corporation, a non-profit organization, disclosed that in January 2024 an unidentified state-backed hacker group breached its systems by chaining two zero-day exploits against its Ivanti Connect Secure VPN appliance.

The incident was detected following suspicious activity in NERVE (Networked Experimentation, Research, and Virtualization Environment), a non-classified collaborative network used by MITRE for research and development. Subsequently, MITRE notified the affected parties, informed the relevant authorities about the incident, and is currently working on restoring its systems.

Evidence collected during the ongoing investigation indicates that the breach did not impact the organization’s primary corporate network or its partners’ systems.

“No organization is immune to such cyberattacks, even one that strives to maintain the highest level of cybersecurity,” stated MITRE CEO Jason Providakes. “We promptly disclose information about this incident as we aim to act in the public interest, advocate for advanced practices that enhance enterprise security, and promote necessary measures to improve the industry’s current cyber defenses.”

In a separate publication, MITRE's CTO Charles Clancy and cybersecurity engineer Lex Crumpton explained that the threat actors compromised one of MITRE's VPNs using two zero-day vulnerabilities in Ivanti Connect Secure, CVE-2023-46805 and CVE-2024-21887.

Furthermore, the attackers bypassed multi-factor authentication by hijacking an existing session and then moved laterally into MITRE's VMware infrastructure using a compromised administrator account.

According to the same write-up, throughout the attack the hackers used a combination of web shells and backdoors to maintain access to compromised systems and to harvest credentials.

It is worth noting that CVE-2023-46805 is an authentication bypass and CVE-2024-21887 a command injection, both in the web component of Ivanti Connect Secure; chained together they give an unauthenticated attacker command execution on the appliance. As reported earlier in January 2024 by Mandiant, these bugs were leveraged by hackers to deploy several custom malware families, with the attackers primarily focused on espionage.
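To make the two bug classes concrete, here is an added, constructed illustration of how an authentication bypass and a command injection chain into unauthenticated command execution. It is not Ivanti's code and not the real exploit; the route names, the `echo` handler and the request shape are assumptions made up for this example. The vulnerable path decides whether a request needs a session by looking at the raw URL, while the router dispatches on the normalised URL, so a traversal segment reaches an admin handler that splices a parameter into a shell command. The hardened path authorises on the same canonical URL it dispatches on and never hands user input to a shell.

```python
"""Constructed example: auth bypass via un-normalised path check, chained
with a command injection in an 'admin' handler. Not Ivanti's code.
Assumes a POSIX sh for the vulnerable variant (uses ';' as separator)."""
import re
import subprocess
from posixpath import normpath
from urllib.parse import unquote

# Made-up route names for the illustration.
PUBLIC_PREFIX = "/api/v1/public/"
ADMIN_ECHO = "/api/v1/admin/echo"

HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def canonical_path(path: str) -> str:
    """Percent-decode until the string is stable (defeats double encoding),
    then collapse '.', '..' and '//' segments into one canonical form."""
    prev = None
    while prev != path:
        prev, path = path, unquote(path)
    canon = normpath(path)
    return canon if canon.startswith("/") else "/" + canon


def vulnerable_requires_auth(path: str) -> bool:
    """Bug: the decision is made on the raw path, so
    '/api/v1/public/../admin/echo' still looks like a public route."""
    return not path.startswith(PUBLIC_PREFIX)


def hardened_requires_auth(path: str) -> bool:
    """Authorise on the same canonical path the router dispatches on."""
    return not canonical_path(path).startswith(PUBLIC_PREFIX)


def vulnerable_echo(host: str) -> str:
    """Bug: the parameter is spliced into a shell command string."""
    out = subprocess.run(f"echo {host}", shell=True,
                         capture_output=True, text=True)
    return out.stdout.strip()


def hardened_echo(host: str) -> str:
    """Validate against an allow-list pattern and pass argv, never a shell."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("rejected host parameter")
    out = subprocess.run(["echo", host], capture_output=True, text=True)
    return out.stdout.strip()


def vulnerable_handle(path: str, has_session: bool, host: str) -> str:
    """Toy request pipeline with both defects."""
    if vulnerable_requires_auth(path) and not has_session:
        return "401"
    if canonical_path(path) == ADMIN_ECHO:   # router normalises, auth did not
        return vulnerable_echo(host)
    return "404"


def hardened_handle(path: str, has_session: bool, host: str) -> str:
    """Same pipeline with both defects fixed."""
    if hardened_requires_auth(path) and not has_session:
        return "401"
    if canonical_path(path) == ADMIN_ECHO:
        return hardened_echo(host)
    return "404"


if __name__ == "__main__":
    traversal = "/api/v1/public/%2e%2e/admin/echo"
    payload = "x; echo INJECTED"
    print("vulnerable:", repr(vulnerable_handle(traversal, False, payload)))
    print("hardened:  ", repr(hardened_handle(traversal, False, payload)))
```

The point of the chain is that neither bug alone is as bad as both together: the traversal only matters because an unauthenticated request can reach a handler that was written on the assumption that only administrators call it, and the injection only matters because that assumption was the only thing protecting a shell string. Fixing either link breaks the chain; fixing both is what a patch should do.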

MITRE stressed that back in January, the organization followed the government's and Ivanti's advice to "update, replace, and fortify their Ivanti systems." However, its defenders did not detect the attackers' lateral movement into the VMware infrastructure. "At the time, we believed we had taken all necessary actions to address the vulnerability, but it clearly wasn't sufficient," admitted the experts.
