The digital defense of the impregnable MITRE fell under the onslaught of hackers

Father

Even the most prepared companies are not immune from hacking.

The American corporation MITRE, which coordinates federally funded scientific research, was attacked by hackers in January of this year. Unknown attackers used two vulnerabilities in the products of the IT company Ivanti to perform intelligence operations in the organization's networks through one of the VPN services.

The vulnerabilities, designated CVE-2023-46805 and CVE-2024-21887, were actively used to attack at least ten Ivanti clients. Responsibility for exploiting these vulnerabilities is attributed to Chinese state-sponsored hackers.

According to MITRE CTO Charles Clancy, the attack affected the network used for joint research and development, where prototyping and other types of work are carried out. The organization stressed that there is no indication that the main corporate MITRE network or partner systems were affected by the attack.

Hackers entered the system through an Ivanti Connect Secure device on the network perimeter, and then moved into the VMware infrastructure before the vulnerability became publicly known.

MITRE followed the recommendations of the government and Ivanti to update, replace and strengthen the protection of its systems, but was unable to detect the movement of hackers on the network. The organization acknowledged that the measures taken were insufficient.

The investigation into the incident is still ongoing, and MITRE sees it as a revealing story about how even organizations with a high level of cyber defense can fall victim to sophisticated attacks.

In addition, MITRE promises to provide more detailed information about the technical aspects of the attack in the coming weeks and has already offered a list of recommendations for other organizations based on its experience.

Earlier, Google published a blog post describing an incident involving the same vulnerabilities, showing the scale of the problem faced by many governments and leading organizations, including even the US Cybersecurity and Infrastructure Security Agency (CISA).
 