Hackers are mass-exploiting a critical vulnerability in desktop virtualisation company Citrix’s NetScaler systems to apparently attack big organisations like Boeing, China’s ICBC and mega port operator DP World globally, cyber-security researchers have claimed.
Thousands of organisations remain unpatched against the vulnerability, tracked officially as CVE-2023-4966 and called “CitrixBleed,” reports TechCrunch.
Citrix last month disclosed the vulnerability affecting on-premise versions of its NetScaler ADC and NetScaler Gateway platforms.
These are used by large enterprises and governments for application delivery and VPN connectivity. Citrix released security patches and later updated its advisory to indicate that it had observed exploitation in the wild.
The US Cybersecurity and Infrastructure Security Agency (CISA) has also added “CVE-2023-4966” to their known exploited vulnerabilities (KEV) catalog.
Cybersecurity firm Rapid7 recommended taking emergency action to mitigate the Citrix bug.
“Threat actors, including ransomware groups, have historically shown strong interest in Citrix NetScaler ADC vulnerabilities. We expect exploitation to increase,” it said.
Cyber-security researcher Kevin Beaumont said that the Russia-based LockBit hackers’ gang gang last week hacked into the US branch of Industrial and Commercial Bank of China (ICBC) by compromising an unpatched Citrix Netscaler box.
“LockBit is breaching some of the world’s largest organisations, many of whom have incredibly large security budgets. Recently, it has become clear they have been targeting a vulnerability in Citrix Netscaler, called CitrixBleed,” Beaumont wrote in a blog post.
ICBC has reportedly paid ransom demand to LockBit.
ICBC, the world’s largest lender by assets, said that its financial services arm, called ICBC Financial Services, experienced a ransomware attack “that resulted in disruption to certain” systems that disrupted trades in the US Treasury market.
China’s Ministry of Foreign Affairs said that ICBC is “striving to minimise the impact and losses after the attack”.
According to Beaumont, Allen & Overy, one of the world’s biggest law firms, was also hit by attackers via CitrixBleed vulnerability Netscaler instance, which was patched post incident.