// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / MITRE Corporation
Breach Record

MITRE Corporation

DISCLOSED 2023-12-01 · UNPATCHED CVE

In December 2023, threat actors exploited zero-day vulnerabilities in Ivanti Connect Secure to compromise MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE). The attackers created rogue virtual machines to maintain persistence and evade detection. MITRE disclosed the breach in April 2024, noting no impact on its core network or partners.

The record

What we know

Disclosed
2023-12-01
Attack vector
Unpatched Cve
Sector
nonprofit research and development
Country
US
Domain
mitre.org
ENDPOINT INVOLVED
Sources

Cited reporting

Similar vector · recent

Other unpatched cve breaches on file

This page is the permanent ColdRecon entry for the MITRE Corporation disclosure. It updates if new public reporting emerges. All tracked breaches →

MITRE Corporation just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →