Categories: Tech NewsTechCrunch+

NSA says Chinese hackers are exploiting a zero-day bug in popular networking gear

The U.S. National Security Agency is warning that Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to targeted networks.

The flaw, tracked as CVE-2022-27518, affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool, and are both popular in enterprise networks. The critical-rated vulnerability allows an unauthenticated attacker to remotely run malicious code on vulnerable devices — no passwords needed. Citrix also says the flaw is being actively exploited by threat actors.

“We are aware of a small number of targeted attacks in the wild using this vulnerability,” Peter Lefkowitz, chief security and trust officer at Citrix, said in a blog post. “Limited exploits of this vulnerability have been reported.” Citrix hasn’t specified what industries the targeted organizations are in or how many have been compromised. A Citrix spokesperson did not immediately respond to TechCrunch’s questions.

Citrix rushed out an emergency patch for the vulnerability on Monday and is urging customers using affected builds of Citrix ADC and Citrix Gateway to install the updates immediately.

Citrix didn’t share any further details about the in-the-wild attacks. However, in a separate advisory, the NSA said that APT5, a notorious Chinese hacking group, has been actively targeting Citrix ADCs in order to break into organizations without having to first steal credentials. The agency also provided threat-hunting guidance [PDF] for security teams and asked for intelligence sharing among the public and private sectors.

APT5, which has been active since at least 2007, largely conducts cyber espionage campaigns, and has a history of targeting tech companies including those building military applications, and regional telecommunication providers. Cybersecurity firm FireEye has previously described APT5 as “a large threat group that consists of several subgroups, often with distinct tactics and infrastructure.”

Last year, APT5 exploited a zero-day vulnerability in Pulse Secure VPN — another networking product often targeted by hackers — to breach U.S. networks involved in defense research and development.

NSA says Chinese hackers are exploiting a zero-day bug in popular networking gear by Carly Page originally published on TechCrunch

Recent Posts

Unlocking the Secrets of JSON.stringify(): More Than Meets the Eye

JSON (JavaScript Object Notation) is a lightweight data-interchange format widely used in web development. At…

2 months ago

How to Handle AJAX GET/POST Requests in WordPress

AJAX (Asynchronous JavaScript and XML) is a powerful technique used in modern web development that…

3 months ago

Page Speed Optimization: Post-Optimization Dos and Don’ts

Introduction After successfully optimizing your website for speed, it's essential to maintain and build upon…

3 months ago

Ultimate Guide to Securing WordPress Folders: Protect Your Site from Unauthorized Access

Securing your WordPress folders is crucial to safeguarding your website from unauthorized access and potential…

4 months ago

HTML CSS PHP File Upload With Circle Progress Bar

Creating a file upload feature with a circular progress bar involves multiple steps. You'll need…

5 months ago

Using WP Rocket with AWS CloudFront CDN

Integrating WP Rocket with AWS CloudFront CDN helps to optimize and deliver your website content…

5 months ago