MITRE, a federally funded research and development center working on cybersecurity research for the US government, has said that a nation-state threat actor has breached one of its networks.
The organization said it took its Networking Experimentation, Research and Virtualization Environment (NERVE) offline after suspicious activity was detected earlier in April.
“Following detection of the incident, MITRE took prompt action to contain the incident, including taking the NERVE environment offline, and quickly launched an investigation with the support of in-house and leading third-party experts,” the organization said in a blog post detailing the incident.
“The investigation is ongoing, including to determine the scope of information that may be involved.”
An investigation revealed that the threat actor exploited two Ivanti Connect Secure zero-day vulnerabilities to target MITRE's Virtual Private Networks, then dug deep into the organization's VMware infrastructure using a compromised administrator account.
In the blog post, MITRE explains that it followed the best practices, instructions, and the government’s advice to upgrade, replace, and harden its Ivanti system. Still, it did not detect the lateral movement into its VMware infrastructure.
“At the time we believed we took all the necessary actions to mitigate the vulnerability, but these actions were clearly insufficient,” MITRE admitted.
NERVE is an unclassified collaborative network that provides storage, computing, and networking resources. MITRE said there is currently no indication that its core enterprise network or partner systems were impacted.
“No organization is immune from this type of cyber attack, not even one that strives to maintain the highest cybersecurity possible,” said Jason Providakes, president and CEO of MITRE.
“We are disclosing this incident in a timely manner because of our commitment to operate in the public interest and to advocate for best practices that enhance enterprise security as well as necessary measures to improve the industry’s current cyber defense posture. The threats and cyber attacks are becoming more sophisticated and require increased vigilance and defense approaches.”