HC3 TLP White: APT41 Citrix and Zoho Attacks on Healthcare, March 26, 2020

A recent campaign of cyberattacks by a foreign threat actor targeted healthcare organizations and specifically exploited Citrix and Zoho technologies used for remote desktop services, among others. These attacks allow the attackers to conduct reconnaissance, execute code on victim systems, and gain access to corporate networks. Patches have been released for both vulnerabilities and should be applied as soon as possible.
