MITRE recently detailed a cyberattack exploiting VMware systems for stealth and persistence. The not-for-profit, serving US gov R&D, was targeted by state-sponsored hackers using Ivanti product vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887. This enabled access to MITRE’s NERVE network in late December 2023, traced back to a Chinese espionage group, Mandiant’s UNC5221.
The attackers deployed malware, including BrickStorm and BeeFlush, to abuse virtual machines, maintaining access without detection. They aimed for lateral movement but remained within the NERVE environment. MITRE has shared scripts for organizations to detect and counter similar threats in VMware setups.
Read more – VMware Abused in Recent MITRE Hack for Persistence, Evasion
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
