HC3 TLP White: APT41 Citrix and Zoho Attacks on Healthcare, March 26, 2020

A recent campaign of cyberattacks from a foreign threat actor targeted healthcare organizations and specifically exploited Citrix and Zoho technologies used for remote desktop services among others. These attacks allow attackers the ability to conduct reconnaissance and execute code on the victim systems and access to corporate networks. Patches have been released for both vulnerabilities and should be implemented as soon as possible.

Key Resources

Related Resources

Advisory
Hospitals That Are Oracle Customers Urged to Take Immediate Action to Address Security Vulnerability
Public
Issue Landing Page
Cybersecurity and Risk Advisory Service
Issue Landing Page
AHA Preferred Cybersecurity & Risk Provider Program
Issue Landing Page
Support for Your Cybersecurity Program
Guides/Reports
Cybersecurity and Risk Advisory Services
Standards/Guidelines
Become an AHA Preferred Cybersecurity and Risk Provider
Public