China-Linked Hackers Used ROOTROT Web Shell in MITRE Network Intrusion
- MITRE Corporation disclosed cyber attack evidence dating back to December 31, 2023
- Attack targeted MITRE's NERVE network through Ivanti Connect Secure zero-day vulnerabilities
- Adversary used backdoors and web shells to maintain persistence and harvest credentials
- Adversary dropped ROOTROT web shell for initial access, linked to China-nexus cyber espionage cluster UNC5221
- Threat actor deployed additional web shells such as BRICKSTORM, BEEFLUSH, and WIREFIRE for communication and data exfiltration