MITRE Corporation revealed on April 19 that it was one of more than 1,700 organizations compromised by a state-sponsored hacking group in January 2024. The MITRE data breach, which involved a chain of two Ivanti VPN zero-days, highlights the evolving nature of cyber threats and the challenges organizations face in defending against them.
The MITRE data breach was detected after suspicious activity was discovered on MITRE's Network Experimentation, Research, and Virtualization Environment (NERVE), an unclassified collaborative network used for research and development.
MITRE Data Breach Discovery and Response
Following the detection, MITRE immediately took NERVE offline and began an investigation with the assistance of internal and external cybersecurity experts.
“Following the detection of the incident, MITRE took swift action to contain the incident, including taking the NERVE environment offline, and immediately began an investigation with the assistance of internal and key third-party experts. An investigation is ongoing, including determining the scope of possible information,” the official notice reads.
MITRE CEO Jason Providakes emphasized that “no organization is immune to these types of cyberattacks, even those that strive to maintain the highest possible cybersecurity.” Mr. Providakes emphasized the importance of timely disclosure of incidents to promote best practices and strengthen enterprise security.
“We are responding to this incident because of our commitment to acting in the public interest and advocating for best practices that strengthen enterprise security and the necessary steps to improve the industry’s current cyber defense posture. We are making a timely disclosure. Threats and cyber-attacks are becoming increasingly sophisticated and require increased vigilance and defensive approaches. As always, we will share what we have learned from this experience to help others and evolve our own practices,” Providakes said.
MITRE Chief Technology Officer Charles Clancy provided additional insight, explaining that the threat actors had compromised the Ivanti Connect Secure appliance, which is used to provide connectivity to trusted networks. Mr. Clancy emphasized the need for the industry to adopt more advanced cybersecurity solutions in response to increasingly sophisticated threats.
MITRE has outlined four key recommendations:
- Adopt secure-by-design principles: Hardware and software must be inherently secure.
- Secure the supply chain: Leverage software bills of materials (SBOMs) to understand threats in upstream software systems.
- Deploy a zero trust architecture: Implement network microsegmentation in addition to multi-factor authentication.
- Adopt adversary engagement: Enable detection and deterrence by making adversary engagement a routine part of cyber defense.
MITRE has a long history of contributing to cybersecurity research and development in the public interest. The organization develops frameworks such as ATT&CK®, Engage™, D3FEND™, and CALDERA™, which are used by the global cybersecurity community.
Details of the MITRE Data Breach
The MITRE data breach involved two zero-day vulnerabilities: an authentication bypass (CVE-2023-46805) and a command injection (CVE-2024-21887). Chained together, these vulnerabilities allowed attackers to bypass multi-factor authentication defenses and use hijacked administrator accounts to move laterally through the compromised network.
Attackers used sophisticated web shells and backdoors to maintain access to the hacked systems and harvest credentials. Since early December, these vulnerabilities have been exploited to deploy multiple malware families for espionage purposes.
Mandiant attributes these attacks to an Advanced Persistent Threat (APT) group tracked as UNC5221, while Volexity reports signs that Chinese state-sponsored actors are exploiting the zero-days. Volexity discovered breaches of over 2,100 Ivanti appliances, impacting organizations of all sizes around the world, including Fortune 500 companies.
Due to the scale and severity of the attack, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on January 19 directing federal agencies to immediately mitigate the Ivanti zero-days.
The MITRE disclosure serves as a reminder of the continuing threat posed by cyber attackers and the critical need for organizations to continually strengthen their cybersecurity defenses.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for informational purposes only, and the user is solely responsible for judging the reliability of the information. Cyber Express assumes no responsibility for the accuracy or consequences of the use of this information.