Vulnerability in Citrix’s software, known as Citrix Bleed, was exploited by a ransomware group, LockBit 3.0, to attack aviation giant Boeing and other organizations.
Last month, Russia-based ransomware group LockBit 3.0 claimed responsibility for the attack on Boeing. Subsequently, it removed Boeing’s name from the leak site and extended the deadline from November 2 to November 10. However, talks between Boeing and LockBit 3.0, if any, were not successful, as the latter published about 50GB of data allegedly stolen from Boeing’s systems. LockBit is believed to have hacked as many as 800 organizations in 2023 alone.
“We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems,” Boeing said in a statement. “We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate.”
According to some estimates, US organizations hit by LockBit paid the ransomware gang as much as $90 million as ransom between 2020 and mid-2023. Since its formation in 2020, LockBit has emerged as one of the world’s biggest hacking groups.
Advisory based on data shared by Boeing
Based on the data “voluntarily shared” by Boeing, a cybersecurity advisory was issued by the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and Australian Cyber Security Center.
“Citrix Bleed, known to be leveraged by LockBit 3.0 affiliates, allows threat actors to bypass password requirements and multifactor authentication (MFA), leading to successful session hijacking of legitimate user sessions on Citrix NetScaler web application delivery control (ADC) and Gateway appliances,” said the advisory.