Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign

Between Jan. 20 and March 11, researchers observed APT41 exploiting vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central as part of the widespread espionage campaign.
Starting on Jan. 20, researchers observed the threat group attempting to exploit the notorious flaw in Citrix Application Delivery Controller and Citrix Gateway devices, which was revealed as a zero-day and then patched earlier this year.
On Feb. 21, researchers next observed APT41 switching gears to exploit a Cisco RV320 router at a telecommunications organization.
The threat actors downloaded an Executable and Linkable Format (ELF) binary payload. Researchers aren't sure what specific exploit was used in this case, but pointed to a Metasploit module combining two CVEs to enable remote code execution on Cisco RV320 and RV325 small business routers.
The first lull, between Jan. 23 and Feb. 1, was likely related to the Chinese Lunar New Year holidays: "This has been a common activity pattern by Chinese APT groups in past years as well," said researchers.
News URL
https://threatpost.com/chinese-hackers-exploit-cisco-citrix-espionage/154133/