<- Back to Insights
April 22, 2024
MITRE says state hackers breached its network via Ivanti zero-days
Summary
In January 2024, MITRE Corporation reported a security breach instigated by a state-sponsored hacking group that exploited two zero-day vulnerabilities in Ivanti VPNs. The breach was initially detected due to unusual activity in an unclassified network environment used for research and development, prompting an immediate investigation. Although the breach did not compromise MITRE's core enterprise network or its affiliates, the attackers were able to maneuver through the network and access sensitive data by using sophisticated methods to bypass security measures, including multi-factor authentication. The incident has prompted notifications to impacted parties and collaborations with authorities as MITRE works to establish secure operational alternatives while advocating for improved cybersecurity defenses across the industry.
Explore Related Topics