Security researchers have identified a critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway appliances, tracked as CVE-2023-4966 and nicknamed “CitrixBleed,” that attackers are aggressively exploiting to break into major organizations worldwide. The flaw is a sensitive information disclosure: an unauthenticated request can read data out of the appliance’s memory, including valid session tokens, which an attacker can replay to hijack an authenticated session and reach the internal network without credentials and without satisfying multi-factor authentication. Citrix has released patched builds, but many organizations remain unpatched, and the US government has added the bug to CISA’s Known Exploited Vulnerabilities catalog, requiring federal agencies to remediate it.
Numerous high-profile organizations have already fallen victim to these attacks, including Boeing, ICBC, DP World, and the law firm Allen & Overy. Victims span professional services, technology, government, healthcare, manufacturing, and retail. Incident response teams have observed attackers using the hijacked sessions as a foothold, then moving laterally to reach sensitive data inside victims’ networks.
Multiple threat groups, including the LockBit ransomware gang, are actively exploiting CitrixBleed, and at least one group has automated the exploitation. LockBit has claimed responsibility for the ICBC breach and claims the bank paid a ransom. Boeing and Allen & Overy were also found to have been running unpatched NetScaler appliances at the time they were breached. The Medusa ransomware gang is likewise using the vulnerability against selected targets.
Experts predict that CVE-2023-4966 will become one of the most frequently exploited vulnerabilities in the coming months, which makes upgrading exposed NetScaler appliances urgent. One caveat practitioners should keep in mind: because the flaw leaks session tokens that stay valid after the upgrade, Citrix and CISA advise that patching alone is not enough; organizations should also terminate all active and persistent sessions on the appliance after upgrading, and treat any appliance that was exposed while vulnerable as potentially already compromised. The scale of exploitation underscores how quickly a vulnerability in an internet-facing gateway turns into a network-wide incident when patching lags.
Article source: https://techcrunch.com/2023/11/14/citrix-bleed-critical-bug-ransomware-mass-cyberattacks/