www.cybersecuritydive.com
Open in
urlscan Pro
2606:4700:4400::6812:2860
Public Scan
Submitted URL: https://www.cybersecuritydive.com/news/mitre-cyberattack-ivanti-exploits/713860/#:~:text=Exploits%20of%20Ivanti%20VPN%20products%2...
Effective URL: https://www.cybersecuritydive.com/news/mitre-cyberattack-ivanti-exploits/713860/
Submission: On June 18 via api from US — Scanned from DE
Effective URL: https://www.cybersecuritydive.com/news/mitre-cyberattack-ivanti-exploits/713860/
Submission: On June 18 via api from US — Scanned from DE
Form analysis 7 forms found in the DOM
Name: signup-inter-form — POST /signup/
<form id="signup-inter-form" class="form-basic" name="signup-inter-form" action="/signup/" method="POST">
<input type="hidden" name="signup_box_location" value="interstitial">
<input type="hidden" name="signup_initial_url_path" value="">
<h1> Don’t miss tomorrow’s Cybersecurity industry news </h1>
<p class="interstitial-text"> Let Cybersecurity Dive’s free newsletter keep you informed, straight from your inbox. </p>
<p class="form-error__message" id="interstitial-error"></p>
<div id="form-interstitial">
<input type="email" name="email" placeholder="Work email address" class="email" required="" id="id_809684_email">
<div id="newsletter-list-section">
</div>
<div id="interstitial-consent-container">
<input name="user_consent" value="1" id="id_user_consent" type="checkbox">
<span> By signing up to receive our newsletter, you agree to our <a href="https://www.industrydive.com/terms-of-use/" target="_blank">Terms of Use</a> and
<a href="https://www.industrydive.com/privacy-policy/" target="_blank">Privacy Policy</a>. You can unsubscribe at anytime. </span>
</div>
</div>
<input id="signup-inter-submit" class="email_submit submit button" type="submit" data-role="none" value="Subscribe today">
</form>GET /search/
<form action="/search/" method="GET" data-ajax="false">
<label for="search-desktop">
<span class="screen-reader-text search">Search</span>
</label>
<input id="search-desktop" type="search" name="q" placeholder="Search" data-role="none">
<button type="submit" value="" data-role="none" class="search-button-front analytics t-search-navigation-drawer">
<img src="/static/img/menu_icons/search.svg?320116291121" alt="search" height="16" width="16" loading="lazy">
</button>
<img class="close" src="/static/img/menu_icons/close.svg?273117231121" width="16" height="16" alt="close search" loading="lazy">
</form>Name: signup — POST /signup/
<form class="form js-form-email-validate" name="signup" action="/signup/" method="POST">
<label for="id_93f002_email" class="email-input js-email-input">
<span class="screen-reader-text">Email:</span>
<input type="email" name="email" placeholder="Work email address" class="email" required="" id="id_93f002_email">
</label>
<input type="hidden" name="signup_box_location" value="elevated_footer">
<input type="hidden" name="signup_initial_url_path" value="/news/mitre-cyberattack-ivanti-exploits/713860/">
<input type="hidden" name="js_enabled" value="1" id="id_93f002_js_enabled">
<ul class="signup-list list-no-bullets">
<li>
<label><span class="screen-reader-text">Select user consent:</span></label>
<input type="checkbox" name="user_consent" id="id_user_consent-elevated_footer" value="1" class="checkbox">
<label for="id_user_consent-elevated_footer">
<span class="signup-user-consent_box">
<span> By signing up to receive our newsletter, you agree to our <a href="https://www.industrydive.com/terms-of-use/" target="_blank">Terms of Use</a> and
<a href="https://www.industrydive.com/privacy-policy/" target="_blank">Privacy Policy</a>. You can unsubscribe at anytime. </span>
</span>
</label>
</li>
</ul>
<button class="button button--medium signup-button" type="submit" value="Sign up">Sign up</button>
<label class="error email_error" style="display:none;">A valid email address is required.</label>
<label class="error newsletter-error" style="display:none;">Please select at least one newsletter.</label>
</form>Name: signup — POST /signup/
<form class="form js-form-email-validate" name="signup" action="/signup/" method="POST">
<label for="id_354250_email" class="email-input js-email-input">
<span class="screen-reader-text">Email:</span>
<input type="email" name="email" placeholder="Work email address" class="email" required="" id="id_354250_email">
</label>
<input type="hidden" name="signup_box_location" value="sidebar">
<input type="hidden" name="signup_initial_url_path" value="/news/mitre-cyberattack-ivanti-exploits/713860/">
<input type="hidden" name="js_enabled" value="1" id="id_354250_js_enabled">
<ul class="signup-list list-no-bullets">
<li>
<label><span class="screen-reader-text">Select user consent:</span></label>
<input type="checkbox" name="user_consent" id="id_user_consent-sidebar" value="1" class="checkbox">
<label for="id_user_consent-sidebar">
<span class="signup-user-consent_box">
<span> By signing up to receive our newsletter, you agree to our <a href="https://www.industrydive.com/terms-of-use/" target="_blank">Terms of Use</a> and
<a href="https://www.industrydive.com/privacy-policy/" target="_blank">Privacy Policy</a>. You can unsubscribe at anytime. </span>
</span>
</label>
</li>
</ul>
<button class="button button--medium signup-button" type="submit" value="Sign up">Sign up</button>
<label class="error email_error" style="display:none;">A valid email address is required.</label>
<label class="error newsletter-error" style="display:none;">Please select at least one newsletter.</label>
</form>Name: signup — POST /signup/
<form class="form js-form-email-validate" name="signup" action="/signup/" method="POST">
<label for="id_46649a_email" class="email-input js-email-input">
<span class="screen-reader-text">Email:</span>
<input type="email" name="email" placeholder="Work email address" class="email" required="" id="id_46649a_email">
</label>
<input type="hidden" name="signup_box_location" value="elevated_footer">
<input type="hidden" name="signup_initial_url_path" value="/news/mitre-cyberattack-ivanti-exploits/713860/">
<input type="hidden" name="js_enabled" value="1" id="id_46649a_js_enabled">
<ul class="signup-list list-no-bullets">
<li>
<label><span class="screen-reader-text">Select user consent:</span></label>
<input type="checkbox" name="user_consent" id="id_user_consent-elevated_footer" value="1" class="checkbox">
<label for="id_user_consent-elevated_footer">
<span class="signup-user-consent_box">
<span> By signing up to receive our newsletter, you agree to our <a href="https://www.industrydive.com/terms-of-use/" target="_blank">Terms of Use</a> and
<a href="https://www.industrydive.com/privacy-policy/" target="_blank">Privacy Policy</a>. You can unsubscribe at anytime. </span>
</span>
</label>
</li>
</ul>
<button class="button button--medium signup-button" type="submit" value="Sign up">Sign up</button>
<label class="error email_error" style="display:none;">A valid email address is required.</label>
<label class="error newsletter-error" style="display:none;">Please select at least one newsletter.</label>
</form>GET /search/
<form action="/search/" method="GET" data-ajax="false">
<label for="search-mobile">
<span class="screen-reader-text">Search</span>
<input id="search-mobile" type="search" name="q" placeholder="Search" data-role="none">
</label>
<button type="submit" value="" data-role="none" class="search-button-front analytics t-search-navigation-mobile">
<img src="/static/img/menu_icons/search.svg?320116291121" width="15" height="15" alt="search">
</button>
</form>Name: signup — POST /signup/
<form class="form js-form-email-validate" name="signup" action="/signup/" method="POST">
<label for="id_623242_email" class="email-input js-email-input">
<span class="screen-reader-text">Email:</span>
<input type="email" name="email" placeholder="Work email address" class="email" required="" id="id_623242_email">
</label>
<input type="hidden" name="signup_box_location" value="integrated_menu">
<input type="hidden" name="signup_initial_url_path" value="/news/mitre-cyberattack-ivanti-exploits/713860/">
<input type="hidden" name="js_enabled" value="1" id="id_623242_js_enabled">
<ul class="signup-list list-no-bullets">
<li>
<label><span class="screen-reader-text">Select user consent:</span></label>
<input type="checkbox" name="user_consent" id="id_user_consent-integrated_menu" value="1" class="checkbox">
<label for="id_user_consent-integrated_menu">
<span class="signup-user-consent_box">
<span> By signing up to receive our newsletter, you agree to our <a href="https://www.industrydive.com/terms-of-use/" target="_blank">Terms of Use</a> and
<a href="https://www.industrydive.com/privacy-policy/" target="_blank">Privacy Policy</a>. You can unsubscribe at anytime. </span>
</span>
</label>
</li>
</ul>
<button class="button button--medium signup-button" type="submit" value="Sign up">Sign up</button>
<label class="error email_error" style="display:none;">A valid email address is required.</label>
<label class="error newsletter-error" style="display:none;">Please select at least one newsletter.</label>
</form>Text Content
Skip to main content CONTINUE TO SITE ➞ DON’T MISS TOMORROW’S CYBERSECURITY INDUSTRY NEWS Let Cybersecurity Dive’s free newsletter keep you informed, straight from your inbox. By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at anytime. * Deep Dive * Library * Events * Press Releases * Topics Sign up * Search * Sign up Search * Strategy * Breaches * Vulnerability * Cyberattacks * Threats * Leadership & Careers * Policy & Regulation An article from Dive Brief MITRE R&D NETWORK HIT BY IVANTI ZERO-DAY EXPLOITS Exploits of Ivanti VPN products have hit roughly 1,700 organizations. To Mitre, guidance from the vendor and government fell short. Published April 22, 2024 Matt Kapko Senior Reporter * * * * * * Philipp Tur/Getty Images Plus via Getty Images DIVE BRIEF: * Mitre Corp. said one of its research and prototyping networks was intruded in January by a nation-state linked attacker that exploited a pair of zero-day vulnerabilities in the organization’s remote access Ivanti VPN. * “We took all the recommended actions from the vendor, from the U.S. government, but they were clearly not enough,” Charles Clancy, SVP and CTO at Mitre, said Friday in a video statement. “As a result, we are issuing a call to action to the industry. The threat has gotten more sophisticated, and so too must our solutions to combat that threat.” * Mitre detected the cyberattack in its Network Experimentation, Research and Virtualization Environment, and the company quickly took the unclassified, collaborative network offline. “Based on our investigation to date, there is no indication that MITRE’s core enterprise network or partners’ systems were affected by this incident,” Mitre said Friday. DIVE INSIGHT: Mitre, a non-profit organization with close ties to the federal government and plays a central role in cyber defense research, is one of about 1,700 entities impacted by zero-day exploits in Ivanti Connect Secure products this year. Mitre operates federally funded research and development centers for U.S. government sponsors. Some of Mitre’s contributions to the cybersecurity sector include CVE.org and the Mitre Att&ck matrix and knowledge base of attackers’ tactics and techniques. The zero-day exploits of Ivanti products have ensnared some of the most important organizations and agencies in cybersecurity. The Cybersecurity and Infrastructure Security Agency was also hit in January by a yet-to-be identified attacker that exploited the critical vulnerabilities in Ivanti products the agency used at the time. The attack against Mitre, which involved lateral movement from an Ivanti VPN into VMware infrastructure, occurred before the Ivanti zero-day vulnerabilities were disclosed, Charles Clancy, SVP and CTO at Mitre, said Friday in a LinkedIn post. The attacker performed reconnaissance on one of Mitre’s networks, exploited one of its Ivanti VPNs and “skirted past our multifactor authentication using session hijacking,” Clancy and Lex Crumpton, defensive cyber operations researcher, said in a blog post. “From there, they moved laterally and dug deep into our network’s VMware infrastructure using a compromised administrator account. They employed a combination of sophisticated backdoors and webshells to maintain persistence and harvest credentials,” Clancy and Crumpton said. Mitre said the attack underscores the need to advance secure-by-design principles, improve supply chain security, micro-segment networks and deploy zero-trust architecture. The company did not immediately respond to a request for comment. An investigation into the full impact and scope of information exposed as a result of the attack is ongoing. * post * share * post * print * email * license Filed Under: Breaches, Vulnerability, Cyberattacks CYBERSECURITY DIVE NEWS DELIVERED TO YOUR INBOX Get the free daily newsletter read by industry experts Email: * Select user consent: By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at anytime. Sign up A valid email address is required. Please select at least one newsletter. EDITORS’ PICKS * Ruben Sprich/Reuters CHANGE HEALTHCARE’S DRAWN-OUT RECOVERY CATCHES FLAK FROM CYBER EXPERTS At least 100 services remain offline four weeks after the UnitedHealth Group detected an intrusion in its medical claims clearinghouse. Experts say the impacts are unprecedented. By Matt Kapko • March 21, 2024 * Ethan Miller via Getty Images Deep Dive AT MICROSOFT, YEARS OF SECURITY DEBT COME CRASHING DOWN Critics say negligence, misguided investments and hubris have left the enterprise giant on its back foot. By David Jones • April 30, 2024 GET THE FREE NEWSLETTER Subscribe to Cybersecurity Dive for top news, trends & analysis Email: * Select user consent: By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at anytime. Sign up A valid email address is required. Please select at least one newsletter. MOST POPULAR 1. What we know about the Snowflake customer attacks 2. Critical PHP CVE is under attack — research shows it’s easy to exploit 3. Ascension says cyberattack may have compromised protected health data 4. TellYouThePass ransomware widely targets vulnerable PHP instances LIBRARY RESOURCES * Playbook Fighting Fraud: The Threat - and Promise - of Generative AI Custom content for Mastercard * Trendline The growing use of AI in banking Supported by ServiceNow * Webinar - on demand Enhance Your Cyber Resilience and Strengthen Your Data Protection Custom content for Cohesity View all COMPANY ANNOUNCEMENTS * Jason Lish, Global CISO of Cisco, Joins MightyID Advisory Board From MightyID View all | Post a press release WHAT WE’RE READING * WIRED Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake * Krebs on Security Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested * TechCrunch Privacy app maker Proton transitions to non-profit foundation structure View all EVENTS * 03 AUG Conference Black Hat USA 2024: The World’s Premier Technical Cybersecurity Conference Presented by Black Hat INDUSTRY INTEL * The 2024 Guide to Open Source Security and Risk Webinar - on demand • Provided by Synopsys CYBERSECURITY DIVE NEWS DELIVERED TO YOUR INBOX Get the free daily newsletter read by industry experts Email: * Select user consent: By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at anytime. Sign up A valid email address is required. Please select at least one newsletter. COMPANY ANNOUNCEMENTS View all | Post a press release Jason Lish, Global CISO of Cisco, Joins MightyID Advisory Board From MightyID June 05, 2024 Want to share a company announcement with your peers? Get started ➔ Editors’ picks * Ruben Sprich/Reuters CHANGE HEALTHCARE’S DRAWN-OUT RECOVERY CATCHES FLAK FROM CYBER EXPERTS At least 100 services remain offline four weeks after the UnitedHealth Group detected an intrusion in its medical claims clearinghouse. Experts say the impacts are unprecedented. By Matt Kapko • March 21, 2024 * Ethan Miller via Getty Images Deep Dive AT MICROSOFT, YEARS OF SECURITY DEBT COME CRASHING DOWN Critics say negligence, misguided investments and hubris have left the enterprise giant on its back foot. By David Jones • April 30, 2024 Latest in Breaches * Clorox to restart ERP upgrade as it looks past August cyberattack By Lindsey Wilkinson * Frontier Communications says cyberattack snagged data from 751,000 people By David Jones * Pressure mounts on Snowflake and its customers as attacks spread By Matt Kapko * Snowflake customers caught in identity-based attack spree By Matt Kapko -------------------------------------------------------------------------------- * * * * EXPLORE * About * Editorial Team * Contact Us * Newsletter * Article Licensing * Press Releases * What We’re Reading REACH OUR AUDIENCE * Advertising * Post a press release RELATED PUBLICATIONS * CIO Dive -------------------------------------------------------------------------------- image/svg+xml Industry Dive is an Informa business © 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy. Cookie Preferences / Do Not Sell Search * Home * Topics * Strategy * Breaches * Vulnerability * Cyberattacks * Threats * Leadership & Careers * Policy & Regulation * Deep Dive * Library * Events * Press Releases GET CYBERSECURITY DIVE IN YOUR INBOX The free newsletter covering the top industry headlines Email: * Select user consent: By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at anytime. Sign up A valid email address is required. Please select at least one newsletter.