Hackers Attempting To Intrude Into Corporate Networks Via Fresh Vulnerabilities In Citrix System

Cybercriminals keep attempting new tactics to stay ahead in the cat-and-mouse game with security researchers. Recently, some attackers were seen doing just that, targeting corporate networks by exploiting recently disclosed vulnerabilities in Citrix systems.

Citrix systems on target

Hackers were found scanning the internet for any open Citrix system that could be exploited via some recently identified vulnerabilities.
  • In July 2020, some hackers were spotted attempting to exploit the recently disclosed vulnerabilities to gain access to Citrix application delivery controller (ADC) systems.
  • The hackers exploited the vulnerabilities CVE-2020-8195 and CVE-2020-8196 in Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP.
  • The attempts were captured by a researcher who had set up a honeypot to track attempts to exploit recently disclosed flaws in F5 Networks.

Recent attacks on Citrix ADC

In the past few months, several hackers have attempted to target and exploit Citrix ADC to attack corporate networks.
  • In March 2020, it was revealed that the state-sponsored APT41 group had attacked 75 customers by targeting Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central products between January 20 and March 11, 2020.
  • Also in March 2020, Finastra, the UK-based financial technology provider, was hit by a ransomware attack that targeted its four Citrix ADC (NetScaler) servers, exploiting the critical CVE-2019-1978 vulnerability as a possible attack vector.

Vulnerabilities already patched

On June 11, 2020, Citrix patched a set of 11 vulnerabilities, including CVE-2020-8195 and CVE-2020-8196, that were identified in its Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP.