The US National Security Agency (NSA) is warning that a Chinese state-backed hacking collective is exploiting a zero-day vulnerability in two popular Citrix products to gain access to the network.
The critical vulnerability, CVE-2022-27518, affects the Citrix ADC application delivery controller and the Citrix Gateway remote access tool, both popular in business technology stacks.
In the official blog post.
Citrix emergency patch
Despite the opaque PR response, Citrix released a patch on December 12, 2022 that it claims fixes the issue, and is urging all affected customers to update their apps immediately.
Meanwhile, the NSA issued its own advisory in the form of a PDF report detailing the activities of APT5.
This group of cybercriminals, sometimes referred to as Manganese, has clearly targeted networks running these Citrix applications in order to breach an organization’s security without first having to steal credentials via social engineering and phishing attacks.
APT5, according to Malpedia and TechCrunch, has been operating since “at least 2007” and is known for launching cyberespionage attacks against countries perceived as a threat by the Chinese government, typically targeting tech companies developing military technology and telecommunications infrastructure.
As TechRadar Pro reported in 2019, a hacking group broke into many VPNs available around the world, including Fortinet, Pulse Secure and Palo Alto VPN. Pulse Secure in particular is common in the networks of Fortune 500 companies.
By TechCrunch