The US National Security Agency (NSA) has warned that a Chinese state-backed hacking group is exploiting a zero-day vulnerability in two Citrix products to gain access to networks.
The critical vulnerability, CVE-2022-27518, affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool, both of which are popular in business technology stacks.
In an official blog post, Peter Lefkowitz, Citrix’s chief security and trust officer, claimed that “limited exploits for this vulnerability” had been reported, but did not say how many attacks or which industries were involved.
Citrix emergency patch
Despite the opaque PR response, Citrix released a patch on December 12, 2022 that it claims fixes the issue, and urges all affected customers to update their apps immediately.
Meanwhile, the NSA released its own guidance in PDF report format detailing APT5 activities.
Sometimes referred to as Manganese, this group of threat actors has explicitly targeted networks running these Citrix applications to breach organizational security without first having to steal credentials via social engineering and phishing attacks.
APT5, according to Malpedia and TechCrunch, has been active since “at least 2007” and is known to launch cyberespionage attacks against countries the Chinese government considers threats, usually against technology companies developing military technology and communications infrastructure.
TechRadar Pro reported in 2019 that the hacking group targeted a number of VPNs available worldwide, including Fortinet, Pulse Secure, and Palo Alto VPNs. Pulse Secure, in particular, is popular with the networks of Fortune 500 companies.