The United States Treasury has written to financial services industry leaders and trade bodies reinforcing earlier speculation that a ransomware attack on the systems of the Industrial and Commercial Bank of China (ICBC) began through exploitation of vulnerabilities in the Citrix NetScaler product family.
The possibility that this was the case was first raised by security researcher and commentator Kevin Beaumont via social media website Mastodon on Thursday 9 November. Beaumont had posted evidence drawn from Shodan revealing that ICBC was running a Citrix NetScaler appliance that was not patched against CVE-2023-4966.
Commonly known as Citrix Bleed, zero-day exploitation of CVE-2023-4966 has been dated to the beginning of August, and it was added to CISA's Known Exploited Vulnerabilities (KEV) catalogue on 18 October, eight days after Citrix issued an update to patch it.
[
add
]
[
|
|
...
]