MITRE experienced a security breach starting on December 31, 2023, due to exploited Ivanti zero-day vulnerabilities.

Attackers gained network access using compromised administrative credentials, web shells, and backdoors.

The breach is attributed to a Chinese threat actor, UNC5221.

Data exfiltration by the attackers commenced on January 19 and continued with attempts to access further resources in the following months.

MITRE plans to release further details on the breach and offer detection tools next week.