The US National Security Agency (NSA) warns that a Chinese state-backed hacking group is exploiting a zero-day security flaw in two widely deployed Citrix products to gain access to networks.
The critical vulnerability, CVE-2022-27518, affects Citrix ADC (Application Delivery Controller) and Citrix Gateway, both of which are common in enterprise technology stacks. It allows an unauthenticated remote attacker to execute code on an affected appliance, but only when the appliance is configured as a SAML service provider (SP) or SAML identity provider (IdP).
In an official blog post, Peter Lefkowitz, Citrix's head of security and trust, stated that "limited exploits of this vulnerability have been reported," but did not specify the number of attacks or the industries involved.
Citrix Emergency Patch
Despite its terse public response, Citrix released a patch on December 12, 2022 that it says resolves the issue, and it urges all affected customers to update their appliances immediately. Administrators can check whether an appliance is exposed by inspecting its ns.conf for SAML configuration (an "add authentication samlAction" or "add authentication samlIdPProfile" entry); appliances without such a configuration are not affected by this flaw.
Meanwhile, the NSA has released its own guidance in the form of a PDF report detailing APT5's activities against Citrix ADC and how to hunt for them.
Sometimes referred to as Manganese, the group has reportedly targeted networks running these Citrix appliances directly: because the flaw can be exploited without authentication, the attackers can breach an organisation's perimeter without first stealing credentials through social engineering or phishing.
APT5, according to Malpedia and TechCrunch, has been active since "at least 2007" and is known for carrying out cyber-espionage attacks against countries that the Chinese government perceives as threats, typically targeting technology companies working on military and telecommunications technology and infrastructure.
TechRadar Pro reported in 2019 that the group had exploited vulnerabilities in several widely used VPN products, including those from Fortinet, Pulse Secure, and Palo Alto Networks. Pulse Secure, in particular, is common in the networks of Fortune 500 companies.
Via TechCrunch