MITRE reports hacker activity in its NERVE network, spotted in April 2024. Upon detecting the suspicious activity, the organization took the affected service offline and started an investigation. The hackers allegedly got into the network by exploiting Ivanti VPN vulnerabilities.
MITRE Reports About NERVE Being Hacked
MITRE, known to the cybersecurity community for its MITRE ATT&CK database, published a notice about suspicious activity on April 19. The activity took place in its NERVE environment, and only a few details have been disclosed so far. The organization states that no network elements of MITRE or its partners were compromised.
In a separate statement that appeared shortly after the official notice, the organization's CTO said that the hackers managed to exploit one of the Ivanti Connect Secure vulnerabilities. The executive specifically emphasized that MITRE had taken all the actions the government and Ivanti recommended to patch the flaw. That, however, was not enough.
What is NERVE?
NERVE is the abbreviation for Networked Experimentation, Research and Virtualization Environment, a rather self-explanatory name. Launched back in 2017, it offers a shared space for all the activities mentioned in its name. At the moment, however, the service is offline, and it will likely stay unavailable for some time while the investigation continues.
Cybersecurity Research Organizations Under Attack
The hack of one of the MITRE subdivisions appears to be directly related to the recent hack of the US Cybersecurity and Infrastructure Security Agency (CISA). The two organizations have a similar purpose, and even the flaw that led to the compromise is the same: Ivanti Connect Secure has earned quite an ill reputation over the last year. But what is the purpose of hacking into cybersecurity agencies?
By nature, such organizations work with a lot of data from companies: information about network architecture, the software they use, the potential vulnerabilities they have, and so on. NERVE, on top of that, offers a development space for network engineers, meaning that compromising it could lead to a large supply chain attack. All this makes such organizations a desirable target for adversaries, not for profit, but for unique reconnaissance data that will make future attacks more successful.
The NERVE hack confirms that no organization is resilient against cyber attacks, not even the ones that live off cybersecurity. All the disruption in "commercial" cybercrime does not affect state-sponsored threat actors. They are in fact more active than ever, and are not likely to be bothered by law enforcement agencies. I reckon we will see more and more attacks like that in the near future.