
LockBit 3.0 ransomware exploited Citrix vulnerability at Boeing

Editor: Hari Govind
Published 22/11/2023, 02:26
© Reuters.

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, in coordination with the Australian Cyber Security Centre, have issued an updated advisory on the exploitation of the Citrix Bleed vulnerability by LockBit 3.0 ransomware. This Russia-linked cybercrime group targeted a subsidiary of Boeing (NYSE:BA) Co., utilizing a previously undetected flaw in Citrix Systems (NASDAQ:CTXS) that was secretly exploited for weeks before being patched in October 2023.

The updated advisory includes insights into the initial attacks that pre-dated October's efforts to patch the vulnerability, known as CVE-2023-4966. Mandiant confirmed these early attacks, and details were provided based on Boeing Distribution Inc.'s own encounter with this specific strain of ransomware. Eric Goldstein, CISA's executive assistant director, disclosed indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) observed during the incident.

Earlier this month, LockBit issued a ransom demand to Boeing on November 2 and briefly removed the company from its data leak site, only to re-list it with a new deadline set for November 10. This move suggested that ransom negotiations may have been underway. Although Boeing acknowledged a cybersecurity event at its distribution subsidiary, it did not provide specifics about the ransomware or its connection to Citrix Bleed at that time.

The collaboration between Boeing and the FBI was crucial in alerting nearly 300 entities about their systems' vulnerabilities, which played a significant role in responding to this cybersecurity threat. CISA's Eric Goldstein highlighted the potential for both cybercriminals and nation-state actors to exploit Citrix Bleed for data theft or to gain further access into networks. He also praised Boeing for its public-private sector collaboration following the LockBit attack on Boeing Distribution Inc., which provided CISA with significant technical data.

LockBit 3.0 has been active in various high-profile cyberattacks, including those against ICBC, the UK's Royal Mail (LON:IDSI), and a British fintech firm. After a cyberattack took Boeing's parts website offline in October 2023, LockBit released purported company documents online following the lapse of the initial ransom deadline. Boeing maintains that there is no risk to flight safety arising from this breach.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.
