The US National Security Agency (NSA) is warning that a hacking collective backed by the Chinese state is exploiting a zero-day security flaw in two common Citrix products to gain access to networks.
The critical vulnerability, CVE-2022-27518 (opens in new tab), affects the application delivery controller Citrix ADC and remote access tool Citrix Gateway, with both popular in business tech stacks.
In an official blog post (opens in new tab), Peter Lefkowitz, chief security and trust officer at Citrix claimed that “limited exploits of this vulnerability have been reported,” but did not elaborate on the number of attacks or the industries involved.
Citrix emergency patch
Despite its opaque PR response, Citrix released a patch on December 12, 2022 that it claims resolves the issue, and is urging all affected customers to update their applications immediately.
The NSA, meanwhile, has released its own guidance (opens in new tab) in the form of a PDF report detailing the activities of APT5.
Sometimes referred to as Manganese, this group of threat actors has apparently explicitly targeted networks running these Citrix applications to break through organizational security without first having to steal credentials via social engineering and phishing attacks.
APT5, according to Malpedia (opens in new tab) and TechCrunch, has been active since “at least 2007”, and is known to run cyberespionage attacks against countries the Chinese government perceives as threats, usually against tech companies developing military technology, and telecommunications infrastructure.
TechRadar Pro reported in 2019 that the hacking group compromised a number of VPNs available worldwide, including Fortinet, Pulse Secure, and Palo Alto VPN. Pulse Secure, especially, is common in the networks of Fortune 500 companies.
- Interested in staying safe online? Check out our guide to the best firewalls
Via TechCrunch (opens in new tab)
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba