MITRE hacked via Ivanti vulnerabilities, cybersecurity alert raised

April 22, 2024

TLDR:

  • MITRE suffered a cyberattack exploiting Ivanti flaws, hindering operations
  • Attackers used two Ivanti Connect Secure zero-day vulnerabilities to breach MITRE’s VPN

The not-for-profit research and development organization MITRE was hit by hackers who exploited Ivanti flaws earlier this year. The attackers chained two Ivanti Connect Secure zero-day vulnerabilities to breach a MITRE Virtual Private Network (VPN) and hijack user sessions, bypassing multi-factor authentication (MFA) solutions. The attack on MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE) resulted in operations being hindered, prompting the organization to take the NERVE environment offline, launch an investigation, and notify relevant authorities.

The breach notification, issued by MITRE’s CEO and president Jason Providakes, identified the attackers as a “foreign nation-state threat actor.” Ivanti had earlier warned of security vulnerabilities in its VPN products, including an authentication bypass vulnerability and a command injection flaw, which threat actors exploited to deploy malware and ransomware on vulnerable targets. The scale of the attacks led the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an emergency directive advising federal agencies to apply patches immediately.
