NSA warns Citrix devices are under attack from Chinese hackers, so update now
Flaw is making a known hacking group’s attacks much easier
The US National Security Agency (NSA) is warning that a hacking collective backed by the Chinese state is exploiting a zero-day security flaw in two common Citrix products to gain access to networks.
The critical vulnerability, CVE-2022-27518, affects the application delivery controller Citrix ADC and the remote access tool Citrix Gateway, both of which are popular in business tech stacks.
In an official blog post, Peter Lefkowitz, chief security and trust officer at Citrix, claimed that “limited exploits of this vulnerability have been reported,” but did not elaborate on the number of attacks or the industries involved.
Citrix emergency patch
Despite its opaque PR response, Citrix released a patch on December 12, 2022 that it claims resolves the issue, and is urging all affected customers to update their applications immediately.
The NSA, meanwhile, has released its own guidance in the form of a PDF report detailing the activities of APT5.
Sometimes referred to as Manganese, this group of threat actors has specifically targeted networks running these Citrix applications, using the flaw to break through organizational security without first having to steal credentials via social engineering and phishing attacks.
APT5, according to Malpedia and TechCrunch, has been active since “at least 2007”, and is known to run cyberespionage attacks against countries the Chinese government perceives as threats, usually targeting tech companies developing military technology and telecommunications infrastructure.
TechRadar Pro reported in 2019 that the hacking group compromised a number of VPNs available worldwide, including Fortinet, Pulse Secure, and Palo Alto VPN. Pulse Secure, especially, is common in the networks of Fortune 500 companies.
Via TechCrunch
Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.