‘CitrixBleed’ Linked to Ransomware Hit on China’s State-Owned Bank

November 10, 2023 at 02:16PM

The recent ransomware attack on the Industrial and Commercial Bank of China (ICBC) may be linked to a vulnerability in Citrix’s NetScaler technology. The vulnerability, known as “CitrixBleed,” allows attackers to steal sensitive information and hijack user sessions. It has a severity score of 9.4 out of 10 and has been actively exploited since August. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance on addressing the threat.

Based on the meeting notes, there was a disruptive ransomware attack on the Industrial and Commercial Bank of China (ICBC), which may be linked to a vulnerability in Citrix’s NetScaler technology. The vulnerability, known as “CitrixBleed” (CVE-2023-4966), affects multiple versions of Citrix NetScaler ADC and NetScaler Gateway and has a severity score of 9.4 out of 10. Attackers can use this vulnerability to steal sensitive information and hijack user sessions without special privileges or user interaction.

Threat actors have been actively exploiting this vulnerability since August, even before Citrix released updated versions of the affected software on October 10. Researchers recommend that organizations terminate all active sessions on affected devices due to the potential for authenticated sessions to persist after the update.

The ransomware attack on the ICBC seems to be one public example of the exploit. Security researcher Kevin Beaumont identified an unpatched Citrix NetScaler at ICBC as a possible attack vector. It is crucial for organizations to patch against CitrixBleed to prevent complete bypass of authentication and potential exploitation by ransomware groups.

Several organized threat groups are currently targeting the CitrixBleed vulnerability, with reports of data exfiltration and attempted ransomware deployment. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance advising organizations to update their unmitigated appliances with the patched versions.

In summary, the meeting notes highlight the severity and widespread exploitation of the CitrixBleed vulnerability, emphasizing the need for organizations to patch their systems immediately to mitigate the risk of attacks and potential data breaches.