MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs
Dark Reading
Contributed by: Drex DeFord
Summary
Foreign nation-state hackers exploited vulnerabilities in Ivanti edge devices to gain extensive access to MITRE Corp.'s unclassified network for three months. MITRE, known for its ATT&CK glossary of cyberattack techniques, faced its first major incident in 15 years as a result of these exploits. The breach targeted the NERVE network, which is used for research and development; the extent of the damage is still under assessment. The attackers bypassed multifactor authentication and used various techniques to infiltrate and persist within MITRE's VMware infrastructure, ultimately exfiltrating data to a command-and-control server. Despite following recommended best practices for securing the compromised Ivanti system, MITRE was unable to detect the breach until three months later, highlighting the sophistication of the attack and the need for improved detection and mitigation strategies.