MITRE Hackers’ Backdoor Has Targeted Windows for Years

Brownie2019

Newly identified versions of the BrickStorm backdoor used in the MITRE hack in early 2024 are targeting Windows environments, cybersecurity firm Nviso warns.

To hack MITRE, a Chinese APT tracked as UNC5221 exploited two zero-day vulnerabilities in an Ivanti Connect Secure VPN as early as December 31, 2023, following up with fingerprinting on January 4, 2024, and lateral movement and malware deployment in the next few days.

The hackers deployed the Linux version of the BrickStorm backdoor on VMware vCenter hosts, along with the BeeFlush and WireFire web shells, and exfiltrated data two weeks later, using the BushWalk web shell. The intrusion was discovered in April 2024.
