MITRE Links Recent Attack to China-Associated UNC5221


MITRE recently provided further insight into the recent cyber intrusion, shedding light on the new malicious software employed and a timeline detailing the attacker’s actions.
In April 2024, MITRE announced a breach in one of its research and prototyping networks. Following the discovery, MITRE’s security team swiftly initiated an investigation, ejected the threat actor, and enlisted third-party forensics Incident Response teams for independent analysis alongside internal experts. It was revealed that a nation-state actor had infiltrated MITRE’s systems in January 2024 by exploiting two Ivanti Connect Secure zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887).
The intrusion was detected when MITRE noticed suspicious activity from a foreign nation-state threat actor targeting its Networked Experimentation, Research, and Virtualization Environment (NERVE), which is utilized for research and prototyping purposes. MITRE promptly took NERVE offline and commenced mitigation procedures. Although investigations are ongoing to ascertain the extent of compromised information, MITRE has informed relevant authorities and affected parties while endeavoring to restore alternative collaboration platforms.
Despite MITRE’s adherence to industry best practices, vendor recommendations, and governmental directives to bolster its Ivanti system, oversight led to unauthorized access into its VMware infrastructure. However, MITRE emphasized

Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: