NSA alert: China cyberspies are targeting Citrix and its top-tier clients

China 'can launch cyberspace attacks that, at a minimum, can cause localized, temporary disruptions to critical infrastructure within the United States.'
FPI / December 14, 2022


A group of cyberspies linked to the communist regime in China is targeting the multinational cloud-computing firm Citrix, the U.S. National Security Agency said in an alert sent to companies on Dec. 13.

A group known as Advanced Persistent Threat 5, or APT5, a security designation for a Chinese state-backed hacking group known to target telecommunications companies, is operating against Citrix products called application delivery controllers (ADCs), the NSA alert said.

The targeting of Citrix ADCs can “facilitate illegitimate access to targeted organizations by bypassing normal authentication controls,” the NSA said.

Citrix products are in use by over 400,000 clients worldwide, including 99% of Fortune 100 companies and 98% of Fortune 500 companies.

Citrix specializes in “application virtualization,” software that encapsulates computer programs within an operating system without full installation.

NSA, along with other security agencies, produced “threat hunting guidance” for companies and organizations using Citrix to spot cyberattacks from the Chinese group.

The group APT5, also known to NSA and security officials by the codenames UNC2630 and MANGANESE, has been engaged in cyberoperations to steal information since 2007, according to the security firm Mandiant.

Citrix on Dec. 13 sent out software patches to its customers to mitigate what analysts say is a “zero-day” security flaw in its software that, if left unpatched, could be used by Chinese hackers to gain unauthorized computer network access.

The company said “a vulnerability has been discovered in Citrix Gateway and Citrix ADC … that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance.”

The cybersecurity news outlet SecurityWeek said the two zero-day bugs are among at least 50 public zero-day attacks uncovered this year.
