#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

MITRE Corporation | Breaking Cybersecurity News | The Hacker News

Category — MITRE Corporation
Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

May 24, 2024 Endpoint Security / Threat Intelligence
The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the threat actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created their own rogue VMs within the VMware environment, leveraging compromised vCenter Server access," MITRE researchers Lex Crumpton and Charles Clancy  said . "They wrote and deployed a JSP web shell (BEEFLUSH) under the vCenter Server's Tomcat server to execute a Python-based tunneling tool, facilitating SSH connections between adversary-created VMs and the ESXi hypervisor infrastructure." The motive behind such a move is to sidestep detection by obscuring their malicious activities from centralized management interfaces like vCenter and maintain persistent access while reducing the risk of being discovered. Details of the attack  emerged  last month when MITRE rev...
MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

Apr 22, 2024 Network Security / Cybersecurity
The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and prototyping network. The unknown adversary "performed reconnaissance of our networks, exploited one of our Virtual Private Networks (VPNs) through two Ivanti Connect Secure zero-day vulnerabilities, and skirted past our multi-factor authentication using session hijacking," Lex Crumpton, a defensive cyber operations researcher at the non-profit,  said  last week. The attack entailed the  exploitation  of CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), which could be weaponized by threat actors to bypass authentication and run arbitrary commands on the infected system. Upon gaining initial access, the threat actors m...
cyber security

10 Steps to Microsoft 365 Cyber Resilience

websiteVeeamCyber Resilience / Data Security
75% of organizations get hit by cyberattacks, and most report getting hit more than once. Read this ebook to learn 10 steps to take to build a more proactive approach to securing your organization's Microsoft 365 data from cyberattacks and ensuring cyber resilience.
Expert Insights / Articles Videos
Cybersecurity Resources