Hackers Breach MITRE’s Digital Defense

The American corporation MITRE, which coordinates federal financial research, was attacked by hackers in January of this year. Unknown attackers exploited two vulnerabilities in products from the IT company Ivanti to carry out reconnaissance operations in the organization’s network through one of the VPN services.

The vulnerabilities, designated CVE-2023-46805 and CVE-2024-21887, were actively used in attacks on at least ten Ivanti customers. Responsibility for exploiting these vulnerabilities is attributed to Chinese state-sponsored hackers.

According to MITRE Technical Director Charles Clancy, the attack affected the network used for joint research and development, where prototyping and other work are carried out. MITRE emphasized that there are no signs that its main corporate network or the systems of partners were impacted by the attack.

The hackers infiltrated the system through the Ivanti Connect Secure device on the network, later moving to the VMware infrastructure before the vulnerability was widely known.

MITRE followed the recommended actions from the government and Ivanti to update, replace, and strengthen the protection of its systems. However, it was unable to detect the hackers’ movement across the network. The organization acknowledged that the measures taken were insufficient.

The investigation into the incident is ongoing, and MITRE views it as an illustrative example of how even organizations with high levels of cyber protection can fall victim to complex attacks.

MITRE has promised to provide more detailed information about the technical aspects of the attack in the upcoming weeks and has already proposed a list of recommendations for other organizations based on its experience.

Earlier, Google published a blog post describing an incident associated with the same vulnerabilities, highlighting the scale of the issue faced by many governments and leading organizations, including the American Cybersecurity and Infrastructure Security Agency (C
