The MITRE hack in December 2023 involved a China-linked cyberespionage group exploiting Ivanti zero-day vulnerabilities to gain access to the NERVE network, deploy malware, and exfiltrate data.
- MITRE was targeted by UNC5221, a cyberespionage group linked to China, which exploited zero-day vulnerabilities in Ivanti Connect Secure VPN devices.
- The hackers gained access to the NERVE network on December 31, 2023, and proceeded to profile the environment, manipulate virtual machines, and deploy malicious payloads.
- MITRE discovered the intrusion in April, after the hackers had maintained persistence in the network and attempted lateral movement.
- The attackers deployed various web shells and backdoors, including BrickStorm, BeeFlush, WireFire, and BushWalk, for control and data exfiltration.
- The Ivanti vulnerabilities used in the hack were also exploited in other attacks against government, telecom, defense, and technology organizations.
- Ivanti released patches for the vulnerabilities in late January, after the attacks were made public.