The MITRE Corporation disclosed late last week that one of its unclassified research and prototyping networks was breached by an undisclosed nation-state.

Lex Crumpton, a principal cybersecurity engineer at MITRE, said in a blog post that starting in January 2024, a threat actor performed reconnaissance of MITRE’s networks and exploited one of the organization’s VPNs through two Ivanti Connect Secure zero-day vulnerabilities. Crumpton said the threat actor then moved past MITRE’s multi-factor authentication using session hijacking. From there, it moved laterally and dug into MITRE’s VMware infrastructure using a compromised administrator account. They then employed a combination of sophisticated backdoors and webshells to maintain persistence and harvest credentials.

“MITRE followed best practices, vendor instructions, and the government’s advice to upgrade, replace and harden our Ivanti systems, but we did not detect the lateral movement into our VMware infrastructure,” said Crumpton. “At the time we believed we took all the necessary actions to mitigate the vulnerability, but these actions were clearly insufficient.”

Callie Guenther, senior manager of threat research at Critical Start, and an SC Media columnist, explained that the exploitation of two zero-day vulnerabilities in Ivanti Connect Secure appliances points to a high level of sophistication and resources typical of nation-state actors.

The flaws exploited (CVE-2023-46805 and CVE-2024-21887) let the attackers bypass authentication and execute arbitrary commands, which Guenther said are severe exploits with high CVSS scores — 8.2 and 9.1, respectively.
Network Security, Vulnerability Management, Breach
MITRE research and prototyping network breached via Ivanti zero-days

(Antony-22, CC BY-SA 4.0, via Wikimedia Commons)