Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

State Hackers Breach MITRE Using VPN Flaws

April 22, 2024
Reading Time: 3 mins read
in Incidents
State Hackers Breach MITRE Using VPN Flaws

In January 2024, The MITRE Corporation experienced a significant cybersecurity breach executed by a state-backed hacking group that exploited two zero-day vulnerabilities in Ivanti VPN solutions. This attack was detected following unusual activity in MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified platform utilized for research and development. The breach was sophisticated, involving the chaining of two specific Ivanti VPN zero-days and allowed the attackers to bypass multi-factor authentication using session hijacking techniques. This enabled them to navigate laterally across the network, specifically targeting MITRE’s VMware infrastructure.

MITRE’s response to the incident included notifying affected parties and contacting the relevant authorities to address the breach. They are currently working on establishing operational alternatives to mitigate the impact and prevent future occurrences. MITRE’s CEO, Jason Providakes, emphasized that no organization is immune to such cyber threats, highlighting the importance of transparency and the organization’s commitment to public interest and advocacy for improved cybersecurity practices across industries.

During the breach, the attackers employed a mix of sophisticated webshells and backdoors to maintain access and harvest credentials from the compromised systems. This allowed for an extensive period of espionage and data extraction undetected. The vulnerabilities exploited were an auth bypass (CVE-2023-46805) and a command injection (CVE-2024-21887), which had been used since early December to target multiple organizations worldwide, deploying various malware families for espionage.

The exploitation of these vulnerabilities was so widespread that CISA issued the year’s first emergency directive on January 19, mandating federal agencies to address the Ivanti zero-days immediately. This incident not only underscores the pervasive threat posed by state-sponsored cyber actors but also the critical vulnerabilities that can be exploited in widely used VPN appliances. The breach at MITRE, a leader in security and defense research, serves as a stark reminder of the persistent and evolving nature of cyber threats facing organizations globally.

Reference:
  • MITRE Corporation Breached by State-Backed Hackers Using Ivanti VPN Flaws

Tags: April 2024cyber incidentsCyber Incidents 2024Cyber RiskCyberattacksIvanti VPN solutionsMITRENERVENetworked Experimentation Research Virtualization Environment
ADVERTISEMENT

Related Posts

Arla Foods Dairy Plant Production Halted By A Disruptive Cyberattack

Arla Plant Cyberattack Halts Operations

May 19, 2025
Massive DDoS Attack Cripples Poland's Civic Platform And Public Entities

Massive DDoS Hits Poland’s Civic Platform

May 19, 2025
Georgia’s Harbin Clinic Hit by Data Breach

Georgia’s Harbin Clinic Hit by Data Breach

May 19, 2025
Coinbase Insider Attack Exposed User Data

Coinbase Insider Attack Exposed User Data

May 16, 2025
Coinbase Insider Attack Exposed User Data

Hackers Target Swiss Reserve Power Plant

May 16, 2025
Coinbase Insider Attack Exposed User Data

Cyberattack Hits J Batista Group

May 16, 2025

Latest Alerts

Mozilla Urgent Firefox Patch Fixes RCE Flaws

ModiLoader Malware Targets Windows Users

Glibc Flaw Gives Linux Root Access Risk

Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

APT28 RoundPress Webmail Hack Steals Emails

Subscribe to our newsletter

    Latest Incidents

    Massive DDoS Hits Poland’s Civic Platform

    Arla Plant Cyberattack Halts Operations

    Georgia’s Harbin Clinic Hit by Data Breach

    Hackers Target Swiss Reserve Power Plant

    Coinbase Insider Attack Exposed User Data

    Cyberattack Hits J Batista Group

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial