
Ivanti zero-days leveraged to infiltrate MITRE


MITRE Corporation disclosed that it was compromised in January by a nation-state attack leveraging two Ivanti Connect Secure vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, according to The Record, a news site by cybersecurity firm Recorded Future.

After infiltrating the Ivanti appliance through the flaws in early January, the attackers moved laterally into MITRE's VMware infrastructure using a hijacked administrator account and eventually breached its unclassified collaborative research and development network, which offers computing, storage, and networking resources, said MITRE Chief Technology Officer Charles Clancy.

Although the lateral movement was identified only after MITRE had already implemented additional security defenses for its Ivanti system, MITRE noted that there was no evidence suggesting any compromise of its core enterprise network or its partners' systems.

MITRE is expected to provide additional details in the coming weeks regarding the attack, which other researchers earlier associated with a Chinese state-backed threat operation.
