A critical flaw in software from Citrix Systems Inc., a company that pioneered remote access so people can work anywhere, has been exploited by government-backed hackers and criminal groups, according to a US cyber official.
The flaw, dubbed Citrix Bleed, was abused by hackers in secret for weeks before it was found and a fix was issued last month, according to Citrix online posts and cybersecurity researchers. Since then, researchers say hackers have accelerated their exploitation of the bug, targeting some of the thousands of customers that haven't applied a patch.
“We are aware that a wide variety of malicious actors, including both nation state and criminal groups, are focused on leveraging the Citrix Bleed vulnerability,” Eric Goldstein, executive assistant director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency, known as CISA, told Bloomberg News.
CISA is providing assistance to victims, said Goldstein, who declined to identify them. Adversaries could exploit the vulnerability to steal sensitive information and attempt to gain broader network access, he said.
Citrix didn't respond to messages seeking comment.
We are now on WhatsApp. Click to join.
Among the criminal groups exploiting the Citrix Bleed bug is one of the world's most notorious hacking gangs, LockBit, according to a global banking security consortium, the FS-ISAC, which on Tuesday issued a security bulletin about the risk to financial institutions.
The US Treasury has also said it's investigating whether Citrix vulnerabilities are responsible for the recent debilitating ransom hack against the Industrial & Commercial Bank of China Ltd., according to a person familiar with the matter. The breach rendered the world's largestRead more on tech.hindustantimes.com