MITRE Concludes Its Internal Cyber-Attack Investigation

In April, MITRE disclosed that its research collaboration network known as NERVE was hacked by a Chinese nation-state adversary. After collaboration with law enforcement and CrowdStrike, a cyber forensics provider, MITRE has concluded its internal investigation of the incident involving two Ivanti Connect Secure zero-day vulnerabilities that bypassed our multi-factor authentication. The adversary maneuvers within the network and the VMware infrastructure are explained in a three-part series of technical blogs that you can read here.

“We quickly disclosed the incident and what facts we knew at the time to our government sponsors, trustees, and law enforcement, as well as our employees and the cyber community,” said Jason Providakes, MITRE president and CEO. “As a company that operates in the public interest, this timely and transparent response to the cyber-attack and sharing our learnings will enable organizations in the public and private sectors to help deter future attacks.”

While the investigation has concluded, MITRE will continue to share any new relevant information that becomes available and support the ongoing federal law enforcement investigation of the incident. 

“As adversaries continue to evolve their tactics and techniques, it is imperative for organizations to remain vigilant and adaptive in defending against cyber threats,” said Charles Clancy, MITRE senior vice president and chief technology officer. “We continue to evolve our cybersecurity frameworks and share with the cyber community. By understanding and countering their new adversary behaviors, we can bolster our defenses and safeguard critical assets against future intrusions.”