Widespread exploitation of Citrix Bleed flaw ongoing

Attacks leveraging the Citrix Bleed vulnerability, tracked as CVE-2023-4966, impacting Citrix NetScaler ADC and NetScaler Gateway appliances were noted by Cybersecurity and Infrastructure Security Agency Assistant Director for Cybersecurity Eric Goldstein to have been conducted by both state-sponsored threat operations and cybercrime groups, according to The Record, a news site by cybersecurity firm Recorded Future. More than 300 organizations have already been alerted regarding Citrix Bleed, which still impacts thousands of entities, said Goldstein. Meanwhile, an advisory from CISA, FBI, and Australian cybersecurity officials noted the exploitation of the flaw by LockBIt 3.0 ransomware in an attack against Boeing's parts and distribution business earlier this month. "Through the takeover of legitimate user sessions, malicious actors acquire elevated permissions to harvest credentials, move laterally, and access data and resources," said the agencies, which urged the immediate separation and remediation of vulnerable NetScaler ADC and Gateway instances. The U.S. has also moved to strengthen efforts to disrupt LockBit, according to a senior FBI official.