Earlier today, CISA issued an advisory: StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability. The advisory includes TTPs and IOCs obtained from FBI, ACSC, and voluntarily shared by Boeing following its recent attack by LockBit that resulted in their data being leaked. Boeing observed LockBit 3.0 affiliates exploiting CVE-2023-4966, to obtain initial access to Boeing Distribution Inc., its parts and distribution business that maintains a separate environment. Other trusted third parties have observed similar activity impacting their organization. Read the advisory.
In related news today, Bleeping Computer reports:
Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 ‘Citrix Bleed’ vulnerability to secure vulnerable devices against attacks.
Besides applying the necessary security updates, they’re also advised to wipe all previous user sessions and terminate all active ones.
Read more at Bleeping Computer.