April 22, 2024 at 08:00AM
MITRE Corporation was targeted by a nation-state cyber attack exploiting two zero-day flaws in Ivanti Connect Secure appliances, compromising the NERVE network. The attack bypassed multi-factor authentication and moved laterally to breach VMware infrastructure. MITRE contained the incident and attributed the attack to a nation-state actor, urging improved cybersecurity practices.
Key takeaways from the meeting notes on the cybersecurity incident at MITRE Corporation:
1. MITRE was targeted by a nation-state cyber attack using two zero-day flaws in Ivanti Connect Secure appliances, leading to the compromise of its NERVE network.
2. The adversary performed reconnaissance, exploited VPN vulnerabilities, bypassed multi-factor authentication, and moved laterally to breach MITRE’s VMware infrastructure.
3. The attack exploited CVE-2023-46805 and CVE-2024-21887, allowing threat actors to run arbitrary commands and gain persistent access to the network.
4. The attack has been attributed to a nation-state actor, likely linked to China, and other China-nexus hacking groups have also joined in the exploitation.
5. MITRE took steps to contain the incident, undertook response and recovery efforts, and conducted forensic analysis to identify the extent of the compromise.
6. There is no indication that MITRE’s core enterprise network or partners’ systems were affected by the incident.
7. MITRE’s president and CEO emphasized the importance of disclosing the incident in a timely manner and advocated for best practices to enhance cybersecurity and improve the industry’s cyber defense posture.