Council for Scottish Islands Faces IT Outage After ‘Incident’
Organizations are facing active, targeted exploitation of a vulnerability in Citrix NetScaler ADC and NetScaler Gateway known as CitrixBleed. Although a patch has been issued, exploitation has continued for several weeks. The Cybersecurity and Infrastructure Security Agency is urging organizations to apply the patch, search for malicious activity, and report any findings. The threat group LockBit is potentially involved in exploiting CitrixBleed, and it has been linked to a cyber incident at Boeing. Security researchers suggest that slow patch response and inadequate protection may be contributing to the mass exploitation. Mandiant has warned organizations to delete prior sessions, as threat actors were able to bypass the patch and persist previously authenticated sessions. Researchers at Palo Alto Networks have observed compromised users executing reconnaissance commands and dropping additional tools on virtual desktop infrastructure hosts.