FBI Flash: Unidentified Cyber Actors Exploit Citrix Vulnerability to Gain Access to Networks

Alert Number AC-000116-TT

TLP GREEN

 

 

 

Beginning mid-January 2020, unidentified cyber actors have used a Citrix vulnerability, CVE-2019-19781, in an attempt to exploit hundreds of U.S. networks, to include private companies, educational institutions, healthcare-related infrastructure, and local and federal government domains. The actors have used a a variety of Python, Perl, and shell scripts to exploit vulnerable Citrix servers and have exfiltrated the Netscaler configuration key store. 

Related Resources

Advisory
Hospitals That Are Oracle Customers Urged to Take Immediate Action to Address Security Vulnerability
Public
Issue Landing Page
Cybersecurity and Risk Advisory Service
Issue Landing Page
Support for Your Cybersecurity Program
Guides/Reports
Cybersecurity and Risk Advisory Services
Standards/Guidelines
Become an AHA Preferred Cybersecurity and Risk Provider
Public
Issue Landing Page
AHA Preferred Cybersecurity & Risk Provider Program