MITRE breached by nation-state threat actor via Ivanti zero-days

MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware infrastructure, MITRE confirmed late last week. What is known about the breach? The MITRE Corporation is an American not-for-profit organization that manages federally funded research and development centers supporting various US government agencies. “After detecting suspicious activity on [MITRE’s] Networked Experimentation, Research, and … More →

The post …

actor american apt attackers breach breached compromise connect connect secure cve cve-2023-46805 cve-2024 cve-2024-21887 data breach devices don't miss hot stuff incident response infrastructure ivanti managed mandiant mitre nation network profit secure vpn state the company the mitre corporation threat threat actor vmware volexity vpn vulnerabilities week what is zero-day zero-days zero-day vulnerabilities