TLDR:
- MITRE suffered a cyberattack exploiting Ivanti flaws, hindering operations
- Attackers used two Ivanti Connect Secure zero-day vulnerabilities to breach MITRE’s VPN

The not-for-profit research and development organization MITRE was hit by hackers who exploited Ivanti flaws earlier this year. The attackers chained two Ivanti Connect Secure zero-day vulnerabilities to breach a MITRE Virtual Private Network (VPN) and hijack user sessions, bypassing multi-factor authentication (MFA) solutions. The attack on MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE) hindered operations, prompting the organization to take the NERVE environment offline, launch an investigation, and notify relevant authorities.

The breach notification, issued by MITRE’s CEO and president Jason Providakes, identified the attackers as a “foreign nation-state threat actor.” Ivanti had earlier warned of security vulnerabilities in its VPN products, including an authentication bypass vulnerability and a command injection flaw, which threat actors exploited to deploy malware and ransomware on vulnerable targets. The scale of the attacks led the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an emergency directive advising federal agencies to apply patches immediately.