The MITRE Corporation has disclosed that Chinese cyberespionage operation UNC5221 was behind the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), which was facilitated by the exploitation of Ivanti Connect Secure zero-day vulnerabilities tracked as CVE-2023-46805 and CVE-2024-21887, The Hacker News reports. Intrusions into MITRE’s NERVE network commenced on New Year’s Eve, with attackers leveraging the Ivanti zero-days to deploy the ROOTROT web shell, which eventually led to the compromise of the organization’s VMware infrastructure and the distribution of the BRICKSTORM backdoor and BEEFLUSH web shell, according to a MITRE report.
Source: SC Magazine