A cyber criminal is selling access to 900 Citrix servers of big companies worldwide
A new finding on dark web has put the security teams of hundreds of companies in alert. Specialists report that an unidentified user is selling access to more than 900 Citrix Systems deployments. Affected organizations include a U.S.-based cooperative bank, as well as government organizations, telecommunications and IT services companies around the world.
A Threat Actor is selling over 900 Citrix access.
Among the victims there is a Credit Union Bank in the U.S. 🇺🇸 and different Government, Telco, IT & Cloud companies from various countries around the world🌐.
The victim bank and a partial list of victims have been identified! pic.twitter.com/tBARiVMATO
- Bank Security (@Bank_Security) August 27, 2020
Citrix Systems is an American company dedicated to the development of software solutions for virtualization, computer network construction, and cloud computing services, including open source developer Xen. Today, more than 230,000 organizations around the world use some of Citrix’s solutions, mentioning the company’s latest reports. The following are some screenshots shared by the seller:
The company has yet to comment on this, although it is highly probable that this information will be confirmed in the coming days, in the same way that it has happened in similar incidents. Neither is known any detail about the vendor or about the method used to compromise the accesses of the affected organizations.
A few weeks ago, another user of hacking forums on darknet disclosed the sale of a database allegedly owned by Citrix that contained about 2 million records of the company’s customers. The database, identified as citrix_leads_vivo, was on sale for 2.15 Bitcoin (about $20,000 USD at the current exchange rate).
Originally published at https://www.securitynewspaper.com on August 28, 2020.