Security News > 2021 > August > US Census Bureau hacked in January 2020 using Citrix exploit
US Census Bureau servers were breached on January 11, 2020, by hackers after exploiting an unpatched Citrix ADC zero-day vulnerability, as the US Office of Inspector General disclosed in a recent report.
"The purpose of these servers was to provide the Bureau with remote-access capabilities for its enterprise staff to access the production, development, and lab networks. According to system personnel, these servers did not provide access to 2020 decennial census networks," the OIG said.
"During the attack on the remote-access servers, the Bureau's firewalls blocked the attacker's attempts to communicate from the remote-access servers to its command and control infrastructure as early as January 13, 2020.".
"As the Census Bureau and the OIG both concluded following this incident, there were no indications of compromise on any 2020 Decennial Census systems nor any evidence of malicious behavior impacting the 2020 Decennial counts," responded in a reply to OIG's review of the incident.
"Due to circumstances outside the Bureau's control-including a dependency on Citrix engineers to complete the migration, and the COVID-19 pandemic-the migration was delayed," the Bureau said.
Proof-of-concept exploits for CVE-2019-19781 were made public two days after scans for vulnerable Citrix servers were detected on January 8.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |