MITRE NERVE Hacked, Service Taken Offline

Even the most ready organizations are not immune to cyberattacks

MITRE has reported hacker activity in its NERVE network, spotted in April 2024. Upon detecting the suspicious activity, the organization took the affected service offline and started an investigation. The attackers allegedly got into the network by exploiting Ivanti VPN vulnerabilities.

MITRE Reports About NERVE Being Hacked

MITRE, known to the cybersecurity community for its MITRE ATT&CK database, published a notice about suspicious activity on April 19. This activity generally took place in its NERVE environment, with only a few details disclosed at the moment. The organization mentions that no network elements of MITRE or its partners were compromised.

"After detecting suspicious activity on its Networked Experimentation, Research, and Virtualization Environment (NERVE), a collaborative network used for research, development, and prototyping, compromise by a foreign nation-state threat actor was confirmed."

Official note regarding the hack

In a separate statement that appeared shortly after the official text note, the CTO of the organization claims that hackers managed to leverage one of the Ivanti Connect Secure vulnerabilities. The executive specifically emphasized that they took all the actions the government and Ivanti offered to patch the flaw. That, however, was not enough.

What is NERVE?

NERVE is the abbreviation for Networked Experimentation, Research and Virtualization Environment – a rather self-explanatory name. Launched back in 2017, it offers a shared space for all the activities mentioned in its name. At the moment, however, the service is offline, and will likely stay unavailable for some time while the investigation continues.

Cybersecurity Research Organizations Under Attack

The hack of one of the MITRE subdivisions appears to me to be directly related to the recent hack of the US Cybersecurity and Infrastructure Security Agency (CISA). They have a similar purpose, and even the flaw that led to the compromise is the same – Ivanti Connect Secure has earned quite a bad reputation over the last year. But what is the purpose of hacking into cybersecurity agencies?

By nature, such organizations work with a lot of data from companies. This data includes information about network architecture, the software they use, potential vulnerabilities they have, and so on. NERVE, aside from that, offers a development space for network engineers, meaning that compromising it can lead to a huge supply chain attack. All this makes it a desirable target for adversaries – not for profit, but for unique reconnaissance data that will make future attacks more successful.

The NERVE hack confirms that no corporations are resilient against cyber attacks, not even the ones that live off cybersecurity. All the disruption in "commercial" cybercrime does not affect state-sponsored threat actors. They are in fact more active than ever, and are not likely to be bothered by law enforcement agencies. I reckon we will see more and more attacks like that in the near future.

By Stephanie Adlam
