Major LockBit ransomware attacks facilitated by Citrix Bleed exploitation

The LockBit ransomware gang has targeted vulnerable Citrix NetScaler ADC and Gateway servers impacted by the Citrix Bleed flaw, tracked as CVE-2023-4966, to facilitate its recent string of high-profile intrusions against Industrial & Commercial Bank of China's U.S. subsidiary ICBC Financial Services, major aerospace firm Boeing, port operator DP World Australia, and law firm Allen & Overy, according to threat researcher Kevin Beaumont, reports BleepingComputer. Officials from the U.S. Department of the Treasury have also confirmed that ICBC Financial Services was compromised through the Citrix Bleed exploits, according to a report from the Wall Street Journal. Citrix Bleed continues to affect more than 10,400 Citrix servers around the world, most of which are in the U.S., Germany, China, the U.K., and Australia, findings from Japanese threat researcher Yutaka Sejiyama revealed. Mandiant reported that exploitation of Citrix Bleed as a zero-day began in August.
