Chinese Hackers Deployed Backdoor Quintet to Down MITRE
China-linked hackers deployed a roster of different backdoors and Web shells in the process of compromising the MITRE Corporation late last year.
Last month news broke that MITRE, best known for its Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, was breached through Ivanti Connect Secure zero-day vulnerabilities. The hackers accessed its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and development network.
On May 3, MITRE filled in some more details about five unique payloads deployed as part of an attack that lasted from New Year's Eve all the way through mid-March. As a present for New Year's 2023, MITRE's attackers infected it with the "Rootrot" web shell. Rootrot is designed to embed itself into a legitimate Ivanti Connect Secure TCC file, and it enabled them to perform reconnaissance and lateral movement within the NERVE environment.