MITRE Hacked – Attackers Compromised R&D Networks Using Ivanti Zero-days

The MITRE Corporation, a non-profit organization that runs federally funded research and development centers, has disclosed that a sophisticated cyber attack recently compromised one of its internal research and development networks.

  • MITRE detected the attack on one of its internal R&D networks and took immediate action to contain the incident.
  • The attack was believed to have been initiated by the UNC5221 group from China.
  • The attack had no impact on the organization’s business and public-facing networks.
  • MITRE collaborates with its federal sponsors and law enforcement agencies to investigate the attack and identify the perpetrators.
  • The organization has not disclosed any further details about the attack, citing the ongoing nature of the investigation.

MITRE’s cybersecurity team detected a sophisticated cyber attack targeting one of the organization’s internal research and development networks. Upon discovery, MITRE promptly implemented its incident response protocols to contain the attack and minimize its impact.

MITRE confirms that a foreign nation-state threat actor launched this cyber attack. This threat actor compromised the Ivanti Connect Secure appliance, which provides connectivity into some of our most trusted networks.

Volexity said Chinese hackers backdoored over 2,100 Ivanti appliances to collect account and session data from infiltrated networks. Many Fortune 500 corporations from various industries were among the victims.

“MITRE was one of those compromised. In the interest of transparency and public interest, we want to share our experiences so others can learn from them.”

The organization has assured its customers and the public that the compromised network was separate from its business and public-facing networks, which remain fully operational and secure.

MITRE’s sponsors and customers have been notified of the incident, and the organization is working closely with them to address any concerns.

“We are disclosing this incident in a timely manner because of our commitment to operate in the public interest and to advocate for best practices that enhance enterprise security as well as necessary measures to improve the industry’s current cyber defense posture.”

MITRE has investigated the attack in collaboration with federal law enforcement agencies. Citing the ongoing investigation, the organization has not disclosed any additional details regarding the nature of the attack, the identity of the perpetrators, or the potential impact on its research and development activities.

“MITRE has contacted authorities and notified affected parties and is working to restore operational alternatives for collaboration in an expedited and secure manner.”

“No organization is immune from this type of cyber attack, not even one that strives to maintain the highest cybersecurity possible,” said Jason Providakes, president and CEO, MITRE.

As a leading provider of cybersecurity expertise and solutions, MITRE remains committed to maintaining the highest standards of security and protecting its networks, data, and intellectual property.

The organization has stated that it will continue to work diligently to investigate the incident, strengthen its defenses, and share any relevant findings with the cybersecurity community to help prevent similar attacks in the future.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.