Technical Deep Dive: Understanding the Anatomy of a Cyber Intrusion
Essential information
- Published
- 24/05/2024 13:52
- Modified
- 24/05/2024 14:25
- Tags
- 2024-05-24 CVE-2023-46805 CVE-2024-21887 beeflush brickstorm bushwalk cyberattack giftedvisitor intrusion lateral movement persistence rootrot threat wirefire
- Related entities
- 4 observables, 1 intrusion sets (apt), 13 techniques (mitre), 6 malware
Description
This report details a sophisticated cyber intrusion targeting MITRE's research network (NERVE) through the exploitation of Ivanti Connect Secure zero-day vulnerabilities. The threat actor, suspected to be UNC5221, initiated the attack by gaining unauthorized access and subsequently deploying various web shells and backdoors to maintain persistence. The report provides a chronological breakdown of the adversary's tactics, techniques, and procedures, including profiling the environment, manipulating virtual machines, deploying malicious payloads, and laterally moving across the network. Additionally, it offers insights into the malware employed, such as ROOTROT, WIREFIRE, BUSHWALK, BEEFLUSH, and BRICKSTORM. The report underscores the importance of proactive security measures and collaboration in addressing sophisticated cyber threats.