Chinese Attackers Deployed Backdoor Quintet to Down MITRE
China-linked hackers used a variety of backdoors and Web shells to compromise the MITRE Corporation late last year. 

Last month, it was revealed that MITRE, widely known for its Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, had been compromised through Ivanti Connect Secure zero-day flaws. The hackers secured access to the Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and development network.

On May 3, MITRE disclosed further details regarding five distinct payloads used in an attack that spanned from New Year’s Eve to mid-March. 

The perpetrators infected MITRE with the “Rootrot” web shell as a New Year’s present in 2023. Rootrot is meant to implant itself in a valid Ivanti Connect Secure TCC file, allowing the attackers to conduct reconnaissance and lateral movement within the NERVE system.

The tool was created by the Chinese advanced persistent threat

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
