Cybersecurity

Foreign threat actor exploits Mitre VPN via Ivanti zero-day vulnerabilities

A threat actor exploited one of the nonprofit’s VPNs via two zero-day vulnerabilities in Ivanti Connect Secure.

Illustration: Dianna “Mick” McDougall, Photo: Getty Images


Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Mitre has broken its 15-year record of avoiding major cyber incidents, announcing in a news release that it—a nonprofit that operates federally funded research and development centers—fell victim to a breach starting in January.

A foreign nation-state threat actor exploited a Mitre VPN via two zero-day vulnerabilities in Ivanti Connect Secure, according to Mitre's blog post and news release.

Mitre did not disclose further information about the threat actor’s origins to IT Brew, but Volexity—which investigated the Ivanti vulnerabilities after detecting unusual “lateral movement using compromised credentials” on the network of one of its customers—said in January that it suspected a “Chinese nation-state-level threat actor.”

The zero-day exploits in Ivanti products have affected around 1,700 organizations so far this year, according to Cybersecurity Dive.

In a statement sent by email through Will Rasmussen, a PR rep at Kekst CNC, Mike Riemer, field CISO at Ivanti, said that “Ivanti has made patches available since early February for the vulnerabilities at issue and is committed to doing everything it can to stay ahead of increasingly sophisticated threat actors, who continue to develop new and innovative methods to gain entry into best-in-class security products.”

After confirming the incident this month, Mitre began an investigation, cutting off “all known access to the threat actor,” and bringing in “third-party Digital Forensics Incident Response teams to perform their own independent analysis alongside our in-house experts,” Lex Crumpton, principal cybersecurity engineer at Mitre, and CTO Charles Clancy wrote in the April 19 post.

In response to the incident, they said Mitre “isolated affected systems and segments of the network” to prevent the attack from spreading. Other efforts included governance—the CTO led the “overall company-wide response”—as well as analysis, remediation, communication, and enhanced monitoring.

“Beyond the specifics of this particular incident, Mitre is committed to its public interest mission to strengthen cybersecurity for the entire industry,” Crumpton and Clancy wrote. “Zero-day vulnerabilities in the devices used to protect our networks are unacceptable.”

When asked for comment, Mitre directed IT Brew to its news release, blog, and other materials.
