Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

State Hackers Breach MITRE Using VPN Flaws

April 22, 2024
Reading Time: 3 mins read
in Incidents
State Hackers Breach MITRE Using VPN Flaws

In January 2024, The MITRE Corporation experienced a significant cybersecurity breach executed by a state-backed hacking group that exploited two zero-day vulnerabilities in Ivanti VPN solutions. This attack was detected following unusual activity in MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified platform utilized for research and development. The breach was sophisticated, involving the chaining of two specific Ivanti VPN zero-days and allowed the attackers to bypass multi-factor authentication using session hijacking techniques. This enabled them to navigate laterally across the network, specifically targeting MITRE’s VMware infrastructure.

MITRE’s response to the incident included notifying affected parties and contacting the relevant authorities to address the breach. They are currently working on establishing operational alternatives to mitigate the impact and prevent future occurrences. MITRE’s CEO, Jason Providakes, emphasized that no organization is immune to such cyber threats, highlighting the importance of transparency and the organization’s commitment to public interest and advocacy for improved cybersecurity practices across industries.

During the breach, the attackers employed a mix of sophisticated webshells and backdoors to maintain access and harvest credentials from the compromised systems. This allowed for an extensive period of espionage and data extraction undetected. The vulnerabilities exploited were an auth bypass (CVE-2023-46805) and a command injection (CVE-2024-21887), which had been used since early December to target multiple organizations worldwide, deploying various malware families for espionage.

The exploitation of these vulnerabilities was so widespread that CISA issued the year’s first emergency directive on January 19, mandating federal agencies to address the Ivanti zero-days immediately. This incident not only underscores the pervasive threat posed by state-sponsored cyber actors but also the critical vulnerabilities that can be exploited in widely used VPN appliances. The breach at MITRE, a leader in security and defense research, serves as a stark reminder of the persistent and evolving nature of cyber threats facing organizations globally.

Reference:
  • MITRE Corporation Breached by State-Backed Hackers Using Ivanti VPN Flaws

Tags: April 2024cyber incidentsCyber Incidents 2024Cyber RiskCyberattacksIvanti VPN solutionsMITRENERVENetworked Experimentation Research Virtualization Environment
ADVERTISEMENT

Related Posts

Sothebys Data Breach Exposes Customers

Pro Hamas Hackers Target Airport Speakers

October 17, 2025
Sothebys Data Breach Exposes Customers

Prosper Breach Hits 17 Million Accounts

October 17, 2025
Sothebys Data Breach Exposes Customers

Sothebys Data Breach Exposes Customers

October 17, 2025

F5 Reports Hackers Stole Source Code

October 16, 2025

YouTube Down Globally With Playback Errors

October 16, 2025

Spanish Retailer Mango Discloses Breach

October 16, 2025

Latest Alerts

Microsoft Pulls 200 Suspicious Certificates

NK Hackers Hide Malware In Blockchain

Hackers Spread Malware With Blockchain

Fortinet And Ivanti Patch Severe Flaws

Malicious VSCode Extensions Steal Crypto

Fake Password Manager Hijack PCs

Subscribe to our newsletter

    Latest Incidents

    Pro Hamas Hackers Target Airport Speakers

    Prosper Breach Hits 17 Million Accounts

    Sothebys Data Breach Exposes Customers

    F5 Reports Hackers Stole Source Code

    YouTube Down Globally With Playback Errors

    Spanish Retailer Mango Discloses Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial