FPI / December 14, 2022
Geostrategy-Direct
A group of cyberspies linked to the communist regime in China are targeting the multinational cloud-computing firm Citrix, the U.S. National Security Agency said in an alert sent to companies on Dec. 13.
A group known as Advanced Persistent Threat 5, or APT5, a security designation for a Chinese state-backed hacking group known to target telecommunications companies, is operating against a specific Citrix software called application delivery controllers (ADCs), the NSA alert said.
The targeting of Citrix ADCs can “facilitate illegitimate access to targeted organizations by bypassing normal authentication controls,” the NSA said.
Citrix products are in use by over 400,000 clients worldwide, including 99% of Fortune 100, and 98% of the Fortune 500 companies.
Citrix specializes in “application virtualization,” software that encapsulates computer programs within an operating system without full installation.
NSA, along with other security agencies, produced “threat hunting guidance” for companies and organizations using Citrix to spot cyberattacks from the Chinese group.
The group ATP 5, also known to NSA and security officials by the codenames UNC2630 and MANGANESE, has been engaged in cyberoperations to steal information since 2007, according to the security firm Mandiant.
Citrix on Dec. 13 sent out software patches to its customers to mitigate what analysts say is a “zero-day” security flaw in its software that left unpatched could be used by Chinese hackers to gain unauthorized computer network access.
The company said “a vulnerability has been discovered in Citrix Gateway and Citrix ADC … that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance.”
The cybersecurity news outlet SecurityWeek said the two zero-day bugs are among at least 50 public zero-day attacks uncovered this year.
Full Text . . . . Current Edition . . . . Subscription Information
Free Press International [Freedom Is Not Free!]