Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

May 24, 2024 at 12:51PM
MITRE Corporation disclosed a cyber attack on a not-for-profit company in late December 2023, revealing details of the attack involving rogue virtual machines created within the VMware environment. The attack, attributed to a China-linked threat actor, exploited Ivanti Connect Secure flaws and highlights the need for organizations to remain vigilant …

Chinese Hackers Deployed Backdoor Quintet to Down MITRE

May 7, 2024 at 05:56PM
The MITRE Corporation was targeted by China-linked hackers who used various backdoors and web shells. The attackers gained access to NERVE, MITRE’s research network, and deployed five unique payloads over several months. MITRE emphasized the importance of secure design, zero trust, and continuous authentication in light of the attack’s aftermath. …

MITRE Hack: China-Linked Group Breached Systems in December 2023

May 7, 2024 at 04:15AM
MITRE disclosed details of a recent hack targeting its NERVE network, including the use of Ivanti zero-day vulnerabilities and attribution to a Chinese cyberespionage group. The attack involved manipulating virtual machines, deploying malicious payloads, and preparing for data exfiltration. MITRE shared technical details on the malware and indicators of compromise. …

MITRE ATT&CKED: InfoSec’s Most Trusted Name Falls to Ivanti Bugs

April 22, 2024 at 03:21PM
Chinese state hackers exploited vulnerable Ivanti edge devices to gain long-term access to MITRE Corp.’s unclassified NERVE network. The attackers used various techniques, including exploiting VPNs and zero-day vulnerabilities, bypassing MFA, deploying web shells, and exfiltrating data. MITRE only detected the breach three months later, illustrating the serious impact and …

Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities

February 1, 2024 at 03:33AM
Mandiant, owned by Google, reported identifying new malware used by the espionage threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. The malware includes web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE, enabling arbitrary command execution and data exfiltration. Ivanti has disclosed and fixed security …

Ivanti Zero-Day Patches Delayed as ‘KrustyLoader’ Attacks Mount

January 30, 2024 at 06:27PM
Attacks are exploiting zero-day vulnerabilities in Ivanti VPNs that allow remote code execution and authentication bypass. Rust-based backdoors are being deployed that download a backdoor malware dubbed “KrustyLoader.” Chinese state-sponsored APT actors are exploiting these bugs worldwide. Patches for the vulnerabilities (CVE-2024-21887 and CVE-2023-46805) have been delayed, with Ivanti targeting a release this …

Ivanti Connect Secure zero-days exploited to deploy custom malware

January 12, 2024 at 10:36AM
Hackers have been exploiting two zero-day vulnerabilities in Ivanti Connect Secure since early December, deploying multiple malware families for espionage. The vulnerabilities, CVE-2023-46805 and CVE-2024-21887, allow authentication bypass and arbitrary command injection. Attackers targeted a small number of Ivanti customers. The threat actor, tracked as UNC5221, used various custom malware and …