Hackers Use Rogue VMs to Evade Detection in Recent MITRE Cyberattack

MITRE Corporation announced that a cyberattack on a nonprofit in late December 2023 exploited zero-day vulnerabilities in Ivanti Connect Secure (ICS) by creating rogue virtual machines (VMs) within its VMware environment. The threat actor, linked to China and tracked by Mandiant as UNC5221, accessed the Networked Experimentation, Research, and Virtualization Environment (NERVE) by exploiting ICS …

MITRE presents findings on VMware rogue virtual machines used in internal cyberattack

MITRE recently shared findings from its own cyberattack in a blog post, revealing how Chinese state-sponsored threat actor UNC5221 used rogue virtual machines (VMs) to avoid detection and establish a permanent presence in MITRE’s VMware environment. The attackers gained initial access using two zero-day attacks against Ivanti Connect Secure in January, with the attack being …