Heimdal

MITRE Corporation announced that state-backed hackers used two Ivanti zero-day vulnerabilities to breach its systems.

The attack happened in January 2024 and impacted MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). NERVE is an unclassified collaborative network that researchers use.

The two Ivanti vulnerabilities were:

Neither had an available patch when the attack happened.


How did hackers breach MITRE?

At the core of the attack were the two Ivanti zero-days and the fact that MITRE did not detect the attackers' lateral movement in time.

MITRE followed best practices, vendor instructions, and the government’s advice to upgrade, replace, and harden our Ivanti system, but we did not detect the lateral movement into our VMware infrastructure. At the time we believed we took all the necessary actions to mitigate the vulnerability, but these actions were clearly insufficient.


Source – MITRE Engenuity

Researchers at MITRE say the attack started in January 2024. After reconnaissance:

  • The attackers used the two Ivanti zero-days to breach MITRE's Virtual Private Network (VPN) appliances
  • They hijacked existing sessions to work around multi-factor authentication
  • They used a compromised administrator account to move laterally into the VMware infrastructure
  • They harvested credentials and maintained persistence through backdoors and webshells
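The second step above, session hijacking, leaves a signal that a defender can hunt for: one session identifier being used from a different client address or user agent than the one that authenticated it. The following is an added example written for this article, not code from MITRE, Ivanti or Heimdal. It runs over a few constructed log lines in a hypothetical format ("session=... user=... ip=... ua=..."), which is not Ivanti's real log format; the detection idea is what matters.

```python
"""Flag VPN sessions whose client IP or user agent changes mid-session.

Added example for the attack chain described above. The log format and
the sample lines are constructed for illustration, not taken from any
real appliance.
"""
from collections import defaultdict

# Constructed sample log: "<timestamp> session=<id> user=<name> ip=<addr> ua=<agent>".
# Session s1a2 is reused from a new IP and a scripted client a few minutes
# after alice authenticated; session b7c8 stays consistent.
SAMPLE_LOG = """\
2024-01-04T08:01:12Z session=s1a2 user=alice ip=203.0.113.10 ua=IvantiClient/22.1
2024-01-04T08:05:40Z session=s1a2 user=alice ip=203.0.113.10 ua=IvantiClient/22.1
2024-01-04T08:09:03Z session=s1a2 user=alice ip=198.51.100.77 ua=python-requests/2.31
2024-01-04T08:10:15Z session=b7c8 user=bob ip=203.0.113.22 ua=IvantiClient/22.1
2024-01-04T08:12:50Z session=b7c8 user=bob ip=203.0.113.22 ua=IvantiClient/22.1
"""


def parse_line(line):
    """Split one log line into a dict of fields plus its timestamp."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = ts
    return fields


def find_hijacked_sessions(log_text):
    """Return {session_id: details} for every session in which a later
    event came from a different IP or user agent than the first event.

    The first event for a session is treated as the one that passed
    authentication (including MFA); anything that reuses the same session
    ID from elsewhere is a hijack candidate.
    """
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            sessions[event["session"]].append(event)

    flagged = {}
    for sid, events in sessions.items():
        first = events[0]
        anomalies = [
            e for e in events[1:]
            if e["ip"] != first["ip"] or e["ua"] != first["ua"]
        ]
        if anomalies:
            flagged[sid] = {
                "user": first["user"],
                "first_ip": first["ip"],
                "first_ua": first["ua"],
                "anomalies": anomalies,
            }
    return flagged


if __name__ == "__main__":
    for sid, info in find_hijacked_sessions(SAMPLE_LOG).items():
        print(f"session {sid} for {info['user']} first seen from "
              f"{info['first_ip']} ({info['first_ua']}):")
        for a in info["anomalies"]:
            print(f"  reused at {a['ts']} from {a['ip']} ({a['ua']})")
```

This is a hunting signal, not a verdict: users on mobile networks change addresses legitimately, so in production you would tune it (for example, require both the IP and the user agent to change, or weight by geolocation) and feed hits to an analyst rather than block on them automatically. The point the MITRE case makes is that the alert has to exist at all; an authenticated session that is reused from a second client after MFA has already been satisfied is exactly what a token theft looks like.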

How to mitigate a zero-day attack’s impact

The MITRE breach is a reminder that even organizations that abide by cybersecurity standards can fall victim to cyberattacks. When attackers exploit a zero-day, what varies is how far they can advance into the network and how much the attack affects data integrity.

Robertino Matausch, Cybersecurity Expert @Heimdal, says there is no such thing as 100% security.

The MITRE breach is a wake-up call. Falling victim to a cyberattack is not a question of if, but when! For now, I don't see what MITRE could have done to avoid it. The question is: was Ivanti providing the patches fast enough? If not, Ivanti's fault; if yes, MITRE was not fast enough patching.

Robertino Matausch, Cybersecurity Expert @Heimdal

This doesn't mean you should resign yourself to the thought that a system breach will happen no matter how thoroughly you try to avoid it.

To mitigate the impact of a zero-day attack you should:

  • Use network segmentation to prevent the attack from spreading
  • Enforce a zero-trust policy and the principle of least privilege (PoLP)
  • Use a DNS filtering tool to detect and block inbound and outbound malicious communication
  • Strengthen passwords
  • Use a next-generation antivirus (NGAV)
  • Use end-to-end encryption

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
