TechRadar
Sead Fadilpašić

MITRE says it was hit by hackers exploiting Ivanti flaws

The not-for-profit research and development organization MITRE suffered a cyberattack early this year. The attack apparently hindered some operations, but there was no mention of stolen data.

In a breach notification published on the MITRE website late last week, CEO and president Jason Providakes explained what happened and what the organization was doing about it.

Apparently, the organization spotted suspicious activity on its Networked Experimentation, Research, and Virtualization Environment (NERVE), a collaborative network used for research, development, and prototyping.

Chinese threat actors

To contain the incident, the organization took the NERVE environment offline, launched an investigation, and notified relevant authorities. It is currently working to restore “operational alternatives for collaboration,” suggesting that some operations were hampered by the attack.

Nothing else was said in the notification, other than that a “foreign nation-state threat actor” was behind the attack. However, BleepingComputer found a separate advisory, published by MITRE CTO Charles Clancy and Cybersecurity Engineer Lex Crumpton, which explained that the attackers had chained two Ivanti Connect Secure zero-day vulnerabilities to breach a MITRE Virtual Private Network (VPN).

By using the two flaws, the attackers were also able to hijack user sessions, thereby bypassing multi-factor authentication (MFA) and moving laterally through the compromised network.

Late last year, Ivanti warned its users that it had discovered multiple security vulnerabilities in its VPN products, including an authentication bypass vulnerability (CVE-2023-46805) and a command injection flaw (CVE-2024-21887). These flaws were used by different threat actors to drop infostealers, malware, and ransomware on vulnerable targets.

Some researchers said Chinese state-sponsored threat actors were actively exploiting the flaws, while others warned that more than 2,000 Ivanti appliances were being abused to steal login credentials, session data, and more. The large scale of the attacks even prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an emergency directive urging federal agencies to apply the patches immediately.
