NSA warns Citrix devices are under attack from Chinese hackers, so update now
>
The US National Security Agency (NSA) warns that a hacking collective, backed by the Chinese state, is exploiting a zero-day vulnerability in two common Citrix products to gain access to networks.
The critical vulnerability, CVE-2022-27518 (opens in new tab)affects the Application Delivery Controller Citrix ADC and remote access tool Citrix Gateway, with both popular in business tech stacks.
With an official blog post (opens in new tab)Peter Lefkowitz, chief security and trust officer at Citrix, claimed that “limited exploits of this vulnerability have been reported,” but did not elaborate on the number of attacks or the industries involved.
Citrix emergency patch
Despite the opaque PR response, Citrix released a patch on December 12, 2022 that it claims resolves the issue, and is urging all affected customers to immediately update their applications.
The NSA, meanwhile, has released its own guidance (opens in new tab) in the form of a PDF report describing APT5’s activities.
This group of threat actors, known as manganese, has apparently explicitly targeted networks running these Citrix applications to breach the organization’s security without first having to steal credentials via social engineering and phishing to attack.
APT5, acc Malpedia (opens in new tab) and TechCrunch, has been active since “at least 2007” and is known to carry out cyber espionage attacks against countries the Chinese government deems a threat, usually against technology companies developing military technology, and telecommunications infrastructure.
Tech Radar Pro reported in 2019 that the hacking group compromised a number of VPNs available worldwide, including Fortinet, Pulse Secure, and Palo Alto VPN. Pulse Secure is especially common in the networks of Fortune 500 companies.
- Interested in staying safe online? Check out our guide to the best firewalls
Through TechCrunch (opens in new tab)