Chinese govt-backed hackers exploiting bug in Citrix products: US NSA


Washington, Dec 15 (IANS): Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to systems, the US government has warned.

According to the National Security Agency (NSA), the vulnerability allows hackers to remotely run malicious code on vulnerable devices -- no passwords needed.

The desktop virtualisation company also admitted the bug is being actively exploited by threat actors.

"We are aware of a small number of targeted attacks in the wild using this vulnerability," said Peter Lefkowitz, chief security and trust officer at Citrix.

"Limited exploits of this vulnerability have been reported," he added in a Blog post.

The company has released security updates for both products -- Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool.

"As part of our internal reviews and in working with our security partners, we have identified vulnerabilities in Citrix ADC and Citrix Gateway 12.1 and 13.0 before 13.0-58.32 builds," said the company.

Customers are urged to install the recommended builds immediately as this vulnerability has been identified as critical and aceno workarounds are available for this vulnerability".

According to an NSA advisory, APT5, a Chinese hacking group, has been actively targeting Citrix application delivery controllers (ADCs).

"Targeting Citrix ADCs can facilitate illegitimate access to targeted organisations by bypassing normal authentication controls," read the advisory.

"Move all Citrix ADC instances behind a VPN or other capability that requires valid user authentication (ideally multi-factor) prior to being able to access the ADC and isolate the Citrix ADC appliances from the environment to ensure any malicious activity is contained," the NSA recommended.

 

  

Top Stories


Leave a Comment

Title: Chinese govt-backed hackers exploiting bug in Citrix products: US NSA



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.