Chinese Government Backed Hackers Exploiting Zero-Day Bug in Citrix Products: Warns US NSA
Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to systems, the US government has warned.
Washington, December 15 : Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to systems, the US government has warned. According to the National Security Agency (NSA), the vulnerability allows hackers to remotely run malicious code on vulnerable devices -- no passwords needed. What Is Bluebugging? How Do Hackers Use Bluetooth-Enabled Devices To Steal Data? How Can You Protect Your Phone? Know Everything Here.
The desktop virtualisation company also admitted the bug is being actively exploited by threat actors. "We are aware of a small number of targeted attacks in the wild using this vulnerability," said Peter Lefkowitz, chief security and trust officer at Citrix.
"Limited exploits of this vulnerability have been reported," he added in a Blog post. The company has released security updates for both products -- Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool. WhatsApp Phone Numbers of About 500 Million Users Leaked, Put On Sale on 'Well-Known' Hacking Community: Report.
"As part of our internal reviews and in working with our security partners, we have identified vulnerabilities in Citrix ADC and Citrix Gateway 12.1 and 13.0 before 13.0-58.32 builds," said the company. Customers are urged to install the recommended builds immediately as this vulnerability has been identified as critical and aceno workarounds are available for this vulnerability".
According to an NSA advisory, APT5, a Chinese hacking group, has been actively targeting Citrix application delivery controllers (ADCs). "Targeting Citrix ADCs can facilitate illegitimate access to targeted organisations by bypassing normal authentication controls," read the advisory.
"Move all Citrix ADC instances behind a VPN or other capability that requires valid user authentication (ideally multi-factor) prior to being able to access the ADC and isolate the Citrix ADC appliances from the environment to ensure any malicious activity is contained," the NSA recommended.
(The above story first appeared on LatestLY on Dec 15, 2022 11:35 AM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).