MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days
Ambulances from many of Ascension's hospitals were rerouted in May due to a cyberattack on the nonprofit network, which is headquartered in St. Louis and consists of 140 hospitals spread over 19 states. The problem took nearly a month to fix completely. In February, a ransomware attack on Change Healthcare, a division of the massive healthcare organization UnitedHealth Group, disrupted pharmacy billing across the United States and threatened to bankrupt certain healthcare providers.
The Mitre Corp. intrusion serves as a stark reminder of the seriousness of advanced persistent threats and the need for strong cybersecurity defenses. In that intrusion, a nation-state-affiliated attacker gained access to Mitre's research network by exploiting zero-day vulnerabilities in Ivanti VPN products. Using techniques including session hijacking and lateral movement, the attacker then used compromised credentials to gain access to and compromise VMware infrastructure.
As part of its response, Mitre quickly isolated the compromised network and emphasized the need to strengthen cybersecurity practices across the industry. In the wake of the attack, Mitre made many recommendations to reduce future vulnerabilities and boost overall resilience. These included establishing micro-segmentation of networks, bolstering supply chain security, and advancing secure-by-design principles. The incident is a sobering reminder of how quickly threats are changing and how much work goes into defending against more complex cyberattacks, particularly for government-affiliated companies that conduct vital research and development.