FBI Flash: Unidentified Cyber Actors Exploit Citrix Vulnerability to Gain Access to Networks

Alert Number AC-000116-TT





Beginning mid-January 2020, unidentified cyber actors have used a Citrix vulnerability, CVE-2019-19781, in an attempt to exploit hundreds of U.S. networks, to include private companies, educational institutions, healthcare-related infrastructure, and local and federal government domains. The actors have used a a variety of Python, Perl, and shell scripts to exploit vulnerable Citrix servers and have exfiltrated the Netscaler configuration key store.