Citrix Bleed Vulnerability Exploited by LockBit Ransomware Affiliates
Originally Published 2 years ago — by CISA
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint advisory with the FBI, MS-ISAC, and ASD's ACSC, warning about the LockBit 3.0 ransomware exploiting the Citrix Bleed vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway appliances. LockBit 3.0 affiliates have been observed using this vulnerability to bypass password requirements and multifactor authentication, allowing them to hijack legitimate user sessions and gain elevated permissions to harvest credentials and access data. Network administrators are urged to apply necessary software updates and implement mitigations to protect against this ransomware threat.