In January 2024 [6], MITRE Corporation reported a breach of their R&D network, NERVE [1][2][3][4][6][7], by foreign nation-state hackers exploiting zero-day vulnerabilities in Ivanti software [1].

Description

The attackers infiltrated MITRE’s VMware infrastructure through a compromised administrator account [1], using web shells, backdoors [1][3], and rogue virtual machine instances for persistence and data exfiltration [3]. The attackers circumvented multi-factor authentication (MFA) by stealing session cookies, which they then used to move laterally within the network [4]. The breach went unnoticed for three months [3], which underscores the attackers’ sophistication. The attack is attributed to a foreign nation-state threat actor [4]. NERVE [1][2][3][4][6][7], a research environment for rapid prototyping, potentially holds valuable data on experimental technologies and intellectual property.

In response, MITRE is prioritizing secure-by-design principles, enhanced supply chain security [5], micro-segmented networks [5], and zero-trust architecture [5]. MITRE has taken NERVE offline and initiated measures to safeguard research data, is working to restore secure collaboration options, and has shared insights with the community. The investigation continues [2], with no evidence so far of impact on the core enterprise network or partners’ systems.

Ivanti had previously warned of vulnerabilities in its VPN products [4] that were being actively exploited by threat actors for malware deployment and data theft [4]. The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive requiring immediate patching of affected systems [4].
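The stolen-session-cookie step described above is one a defender can look for in authentication and access logs: a session issued after a successful MFA login should keep arriving from the same client, so the same session token appearing from a new source address or client without a fresh login is the signal. The detector below is an added illustration, not code or data from MITRE, Ivanti, or any of the cited reports. The log format, the field names, and the sample lines are all constructed for the example.

```python
"""Flag authenticated sessions that are reused from a different client.

Added example with constructed data. A session cookie issued after an MFA
login is expected to keep appearing from the same source address and client
string; the same cookie arriving from a new client without a new MFA login is
the pattern that lets an attacker reuse a stolen session and skip MFA.
"""
import re
from dataclasses import dataclass

# Constructed log format (assumed for this example, not any real product's):
# ts=<iso> user=<name> session=<token> src_ip=<addr> ua="<client>" action=<event>
LINE_RE = re.compile(
    r'ts=(?P<ts>\S+)\s+user=(?P<user>\S+)\s+session=(?P<session>\S+)\s+'
    r'src_ip=(?P<src_ip>\S+)\s+ua="(?P<ua>[^"]*)"\s+action=(?P<action>\S+)'
)

# Constructed sample log: one legitimate session, one session later reused from
# an outside address with a scripted client, and one token that never logged in.
SAMPLE_LOG = """\
ts=2024-01-05T08:00:01Z user=admin session=s1a2b3 src_ip=10.0.5.21 ua="Mozilla/5.0 (Windows)" action=mfa_login_ok
ts=2024-01-05T08:02:10Z user=admin session=s1a2b3 src_ip=10.0.5.21 ua="Mozilla/5.0 (Windows)" action=request
ts=2024-01-05T08:40:55Z user=admin session=s1a2b3 src_ip=203.0.113.77 ua="python-requests/2.31" action=request
ts=2024-01-05T09:01:00Z user=jdoe session=q9w8e7 src_ip=10.0.7.14 ua="Mozilla/5.0 (Mac)" action=mfa_login_ok
ts=2024-01-05T09:05:12Z user=jdoe session=q9w8e7 src_ip=10.0.7.14 ua="Mozilla/5.0 (Mac)" action=request
ts=2024-01-05T09:30:00Z user=svc session=zz0000 src_ip=198.51.100.9 ua="curl/8.4" action=request
"""


@dataclass
class SessionState:
    """Client the session was bound to when it was first seen."""
    user: str
    src_ip: str
    ua: str
    mfa_seen: bool


def parse_line(line: str) -> dict:
    """Parse one log line into a dict of fields; raise on malformed input."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.groupdict()


def detect_session_anomalies(log_text: str) -> list:
    """Return findings for sessions reused from a new client or never logged in.

    Each finding is a dict with kind, session, user, ts and (for reuse) the
    list of client attributes that changed relative to the login binding.
    """
    sessions: dict[str, SessionState] = {}
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        sid = ev["session"]
        state = sessions.get(sid)
        if state is None:
            # First sighting binds the token to this client.
            state = SessionState(ev["user"], ev["src_ip"], ev["ua"],
                                 ev["action"] == "mfa_login_ok")
            sessions[sid] = state
            if not state.mfa_seen:
                # A token in use with no login event in the window we can see.
                findings.append({"kind": "session_without_login", "session": sid,
                                 "user": ev["user"], "ts": ev["ts"], "changed": []})
            continue
        if ev["action"] == "mfa_login_ok":
            # A fresh MFA login legitimately rebinds the session to the current client.
            state.src_ip, state.ua, state.mfa_seen = ev["src_ip"], ev["ua"], True
            continue
        changed = [name for name, key in (("src_ip", "src_ip"), ("ua", "ua"))
                   if ev[key] != getattr(state, name)]
        if changed:
            # Keep the original binding so every further reuse is also flagged.
            findings.append({"kind": "session_reuse_from_new_client", "session": sid,
                             "user": ev["user"], "ts": ev["ts"], "changed": changed})
    return findings


if __name__ == "__main__":
    for finding in detect_session_anomalies(SAMPLE_LOG):
        print(finding)
```

On the constructed sample this yields two findings: session s1a2b3 reused from 203.0.113.77 with a different client string after its Windows-browser MFA login, and session zz0000 active without any visible login. In a real deployment the source-address comparison would usually be relaxed to a network or ASN change, and the login window would span the whole cookie lifetime rather than the lines in one batch.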

Conclusion

The breach at MITRE Corporation underscores the critical need for robust cybersecurity measures. Mitigations include enhanced security protocols, ongoing monitoring [2], and rapid response to threats. The incident highlights the evolving tactics of threat actors and the importance of proactive defense strategies. Collaboration and information sharing within the cybersecurity community are essential to combating cyber threats effectively.

References

[1] https://www.infosecurity-magazine.com/news/mitre-ivanti-breach-nation-state/
[2] https://www.helpnetsecurity.com/2024/04/22/mitre-breached/
[3] https://www.darkreading.com/endpoint-security/mitre-attacked-infosecs-most-trusted-name-falls-to-ivanti-bugs
[4] https://www.techradar.com/pro/security/mitre-says-it-was-hit-by-hackers-exploiting-ivanti-flaws
[5] https://www.cybersecuritydive.com/news/mitre-cyberattack-ivanti-exploits/713860/
[6] https://securityaffairs.com/162045/security/mitre-security-breach-ivanti-zero-days.html
[7] https://www.scmagazine.com/news/mitre-research-and-prototyping-network-breached-via-ivanti-zero-days