Hackers Exploiting 'CitrixBleed' Bug For Mass Cyberattacks Globally: Report
“LockBit is breaching some of the world’s largest organisations, many of whom have incredibly large security budgets. Recently, it has become clear they have been targeting a vulnerability in Citrix Netscaler, called CitrixBleed,” Beaumont wrote in a blog post.
San Francisco, November 15: Hackers are mass-exploiting a critical vulnerability in desktop virtualisation company Citrix’s NetScaler systems to apparently attack big organisations like Boeing, China’s ICBC and mega port operator DP World globally, cyber-security researchers have claimed. Thousands of organisations remain unpatched against the vulnerability, tracked officially as CVE-2023-4966 and called “CitrixBleed,” reports TechCrunch.
Citrix last month disclosed the vulnerability affecting on-premise versions of its NetScaler ADC and NetScaler Gateway platforms. These are used by large enterprises and governments for application delivery and VPN connectivity. Citrix released security patches and later updated its advisory to indicate that it had observed exploitation in the wild. Israel-Gaza Conflict: Elon Musk-Run X Fails To Remove 98% of Posts Promoting Antisemitism, Islamophobia, Anti-Palestine Hate and Other Hate Speech, Says Report.
The US Cybersecurity and Infrastructure Security Agency (CISA) has also added “CVE-2023-4966” to their known exploited vulnerabilities (KEV) catalog. Cybersecurity firm Rapid7 recommended taking emergency action to mitigate the Citrix bug.
“Threat actors, including ransomware groups, have historically shown strong interest in Citrix NetScaler ADC vulnerabilities. We expect exploitation to increase,” it said. Cyber-security researcher Kevin Beaumont said that the Russia-based LockBit hackers’ gang gang last week hacked into the US branch of Industrial and Commercial Bank of China (ICBC) by compromising an unpatched Citrix Netscaler box.
“LockBit is breaching some of the world’s largest organisations, many of whom have incredibly large security budgets. Recently, it has become clear they have been targeting a vulnerability in Citrix Netscaler, called CitrixBleed,” Beaumont wrote in a blog post. ICBC has reportedly paid ransom demand to LockBit.
ICBC, the world’s largest lender by assets, said that its financial services arm, called ICBC Financial Services, experienced a ransomware attack “that resulted in disruption to certain” systems that disrupted trades in the US Treasury market. China’s Ministry of Foreign Affairs said that ICBC is “striving to minimise the impact and losses after the attack”. 42% Indian Smartphone Users Regularly Try Photo-Editing Apps To Brush Up Their Digital Presence: Report.
According to Beaumont, Allen & Overy, one of the world’s biggest law firms, was also hit by attackers via CitrixBleed vulnerability Netscaler instance, which was patched post incident.
(The above story first appeared on LatestLY on Nov 15, 2023 11:36 AM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).