Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

State Hackers Breach MITRE Using VPN Flaws

April 22, 2024
Reading Time: 3 mins read
in Incidents
State Hackers Breach MITRE Using VPN Flaws

In January 2024, The MITRE Corporation experienced a significant cybersecurity breach executed by a state-backed hacking group that exploited two zero-day vulnerabilities in Ivanti VPN solutions. This attack was detected following unusual activity in MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified platform utilized for research and development. The breach was sophisticated, involving the chaining of two specific Ivanti VPN zero-days and allowed the attackers to bypass multi-factor authentication using session hijacking techniques. This enabled them to navigate laterally across the network, specifically targeting MITRE’s VMware infrastructure.

MITRE’s response to the incident included notifying affected parties and contacting the relevant authorities to address the breach. They are currently working on establishing operational alternatives to mitigate the impact and prevent future occurrences. MITRE’s CEO, Jason Providakes, emphasized that no organization is immune to such cyber threats, highlighting the importance of transparency and the organization’s commitment to public interest and advocacy for improved cybersecurity practices across industries.

During the breach, the attackers employed a mix of sophisticated webshells and backdoors to maintain access and harvest credentials from the compromised systems. This allowed for an extensive period of espionage and data extraction undetected. The vulnerabilities exploited were an auth bypass (CVE-2023-46805) and a command injection (CVE-2024-21887), which had been used since early December to target multiple organizations worldwide, deploying various malware families for espionage.

The exploitation of these vulnerabilities was so widespread that CISA issued the year’s first emergency directive on January 19, mandating federal agencies to address the Ivanti zero-days immediately. This incident not only underscores the pervasive threat posed by state-sponsored cyber actors but also the critical vulnerabilities that can be exploited in widely used VPN appliances. The breach at MITRE, a leader in security and defense research, serves as a stark reminder of the persistent and evolving nature of cyber threats facing organizations globally.

Reference:
  • MITRE Corporation Breached by State-Backed Hackers Using Ivanti VPN Flaws

Tags: April 2024cyber incidentsCyber Incidents 2024Cyber RiskCyberattacksIvanti VPN solutionsMITRENERVENetworked Experimentation Research Virtualization Environment
ADVERTISEMENT

Related Posts

Cybersecurity Firms Hit By Breach

Bridgestone Confirms Cyberattack

September 5, 2025
Cybersecurity Firms Hit By Breach

North Korean Hackers Fake Interviews

September 5, 2025
Cybersecurity Firms Hit By Breach

Cybersecurity Firms Hit By Breach

September 5, 2025
Salesloft Drift Attacks Hits Vendors

Salesloft Drift Attacks Hits Vendors

September 4, 2025
Salesloft Drift Attacks Hits Vendors

Jaguar Land Rover Hit By Cyber Incident

September 4, 2025
Salesloft Drift Attacks Hits Vendors

Hackers Use Grok Ai To Spread Malware

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial