Hackers are reportedly exploiting a critical vulnerability in Citrix’s NetScaler systems on a large scale, targeting major organisations globally such as Boeing, China’s ICBC, and the mega port operator DP World, according to cybersecurity researchers. The vulnerability, officially identified as CVE-2023-4966 and dubbed “CitrixBleed,” remains unaddressed by thousands of organisations, as reported by TechCrunch.
Citrix disclosed the vulnerability last month, affecting on-premise versions of its NetScaler ADC and NetScaler Gateway platforms, widely used by large enterprises and governments for application delivery and VPN connectivity. Despite Citrix releasing security patches and acknowledging exploitation in the wild, numerous organisations reportedly remain vulnerable.
The US Cybersecurity and Infrastructure Security Agency (CISA) has included “CVE-2023-4966” in its catalogue of known exploited vulnerabilities (KEV). Cybersecurity firm Rapid7 has urged immediate action to mitigate the Citrix bug, noting historical interest from threat actors, including ransomware groups, in Citrix NetScaler ADC vulnerabilities.
The LockBit hacking group, based in Russia, recently breached the US branch of the Industrial and Commercial Bank of China (ICBC) by compromising an unpatched Citrix Netscaler box. “Recently, it has become clear they have been targeting a vulnerability in Citrix Netscaler, called CitrixBleed,” cyber-security researcher Kevin Beaumont wrote in a blog post.
ICBC reportedly paid a ransom demand to LockBit following the ransomware attack on its financial services arm.
Beaumont further revealed that Allen & Overy, one of the world’s largest law firms, also fell victim to attackers exploiting the CitrixBleed vulnerability in its Netscaler instance. The law firm addressed the issue by applying patches post-incident.
Also Read World’s largest bank, ICBC, faces cybersecurity breach: Know all about LockBit 3.0 ransomware
Read More: CitrixBleed vulnerability sparks cybersecurity crisis across industries; ICBC,