Security News > 2023 > November > LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed
The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability to breach the systems of large organizations, steal data, and encrypt files.
Although Citrix made fixes available for CVE-2023-4966 more than a month ago, thousands of internet-exposed endpoints are still running vulnerable appliances, many in the U.S. High-profile Lockbit attacks.
These are exposed Citrix servers [1, 2] vulnerable to the Citrix Bleed flaw, which he says the LockBit ransomware gang is exploiting attacks.
These attacks are likely being conducted by a LockBit affiliate who is heavily utilizing this vulnerability to breach networks rather than the ransomware operation itself being behind the attack.
A GandCrab/REvil affiliate specialized in exploiting MSP software [1, 2, 3] to encrypt companies, and we are likely seeing a LockBit affiliate utilizing the Citrix Bleed flaw to mass-breach networks.
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide.
News URL
Related news
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)
- New DoubleClickjacking attack exploits double-clicks to hijack accounts (source)
- French govt contractor Atos denies Space Bears ransomware attack claims (source)
- Casio says data of 8,500 people exposed in October ransomware attack (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Preventing the next ransomware attack with help from AI (source)
- New Web3 attack exploits transaction simulations to steal crypto (source)
- Ransomware on ESXi: The mechanization of virtualized attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-4966 | Unspecified vulnerability in Citrix products Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. | 7.5 |