
Chinese Hackers Deployed Backdoor Quintet to Down MITRE

posted on May 8, 2024
by l33tdawg
Credit: Dark Reading

China-linked hackers deployed a roster of different backdoors and Web shells in the process of compromising the MITRE Corporation late last year.

Last month news broke that MITRE, best known for its Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, was breached through Ivanti Connect Secure zero-day vulnerabilities. The hackers accessed its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and development network.

On May 3, MITRE filled in some more details about five unique payloads deployed as part of an attack that lasted from New Year's Eve all the way through mid-March. As a present for New Year's 2023, MITRE's attackers infected it with the "Rootrot" web shell. Rootrot is designed to embed itself into a legitimate Ivanti Connect Secure TCC file, and it enabled them to perform reconnaissance and lateral movement within the NERVE environment.
