May 7, 2024 at 04:15AM
MITRE disclosed details of a recent hack targeting its NERVE network, including the use of Ivanti zero-day vulnerabilities and attribution to a Chinese cyberespionage group. The attack involved manipulating virtual machines, deploying malicious payloads and preparing for data exfiltration. MITRE shared technical details on the malware and indicators of compromise.
Key takeaways from the meeting notes on the MITRE hack are as follows:
– The hack targeted MITRE’s NERVE network, a collaborative research and prototyping environment, and involved the exploitation of zero-day vulnerabilities in Ivanti Connect Secure VPN devices.
– The attack was attributed to UNC5221, a cyberespionage group associated with China, and impacted organizations including CISA.
– The breach initially occurred on December 31, 2023, with ongoing activity into January 2024, involving manipulation of virtual machines and deployment of malicious payloads, culminating in data exfiltration on January 19.
– MITRE only discovered the intrusion in April and has released technical details on the malware involved in the attack, along with additional indicators of compromise.
– The Ivanti product vulnerabilities used in the hack have been widely exploited and proper patches were only released in late January.
Additionally, the CEO of Ivanti has vowed a cybersecurity makeover after the zero-day vulnerabilities were exploited, and related vulnerabilities continue to be targeted in attacks.