MITRE discloses breach due to Ivanti’s zero-day vulnerabilities
Malicious actors exploited IT vendor Invanti’s two zero-day vulnerabilities and compromised MITRE and at least 10 of its customers.
The MITRE Corporation, a non-profit that oversees federally funded research, suffered a data breach in January and has explained that it was caused by threat actors who exploited two zero-day vulnerabilities in products from its IT vendor, Ivanti’s Connect Secure.
Ivanti has shared that the threat actors exploited the two vulnerabilities (CVE-2023-46805 and CVE-2024-21887) to attack at least 10 of its customers.
MITRE CTO Charles Clancy shared that the affected network ‘provides storage, computing, and networking resources.’ Clancy added that there is ‘no indication that MITRE’s core enterprise network or partners’ systems were affected by this incident.’
In the blog post, MITRE shared that the threat actors used a ‘combination of sophisticated backdoors and webshells to maintain persistence and harvest credentials.’ They also shared,’ At the time we believed we took all the necessary actions to mitigate the vulnerability, but these actions were clearly insufficient.’
MITRE has stated that they would further investigate the depth of the attack.
While MITRE has not attributed the incident to anyone, Volexcity, who initially discovered the Ivanti vulnerabilities, attributed it to the alleged Chinese nation-state-level threat actor.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.