MITRE breach linked to Chinese threat operation

Network Security, Threat Intelligence, Endpoint/Device Security

The MITRE Corporation has disclosed that the Chinese cyberespionage operation UNC5221 was behind the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an intrusion enabled by the exploitation of two Ivanti Connect Secure zero-day vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, The Hacker News reports.

Intrusions into MITRE's NERVE network began on New Year's Eve, when the attackers leveraged the Ivanti zero-days to deploy the ROOTROT web shell. That foothold eventually led to the compromise of the organization's VMware infrastructure and the deployment of the BRICKSTORM backdoor and the BEEFLUSH web shell, according to a MITRE report.

The attackers then moved on to data exfiltration: following the public disclosure of the Ivanti bugs on Jan. 11, they delivered the WIREFIRE (also known as GIFTEDADVISOR) web shell, and a week later used the BUSHWALK web shell to transmit NERVE data to their command-and-control infrastructure, the report said. Lateral movement was also conducted between February and mid-March, the report added.
