State hackers and cybercriminals are exploiting vulnerabilities in Citrix products to target organizations anywhere, federal agents reported on Tuesday.
The Cybersecurity and Infrastructure Security Agency warned the public that the malware group behind the LockBit ransomware attacks is using the "Citrix Bleed" bug to continue its crimes.
According to the agency, threat actors use Citrix Bleed to bypass passwords and authentication systems, allowing them to hijack user sessions on NetScaler web apps.
By hijacking user sessions, hackers are able to illegally collect user credentials, data, and resources.
CISA has already notified more than 300 businesses and institutions of the vulnerabilities affecting Citrix products.
Earlier this month, Boeing was attacked by the LockBit hackers using the same exploits, temporarily halting its parts and distribution services.
"Citrix Bleed" attacks were first reported back in August. Since then, Citrix has rated the bug 9.4 out of 10 on the CVSS severity scale.
'Citrix Bleed' Attacks
Aside from Boeing, security researcher Kevin Beaumont revealed that other notable organizations have suffered similar attacks.
Beaumont listed the law firm Allen & Overy, the Industrial and Commercial Bank of China (ICBC), and Australian shipping company DP World.
LockBit is one of the most notorious ransomware-as-a-service operations in recent history.
The group's affiliates have successfully breached large tech firms like SpaceX and Microsoft, as well as the Canadian government and others.
Curiously, the group is hesitant to attack healthcare firms and organizations whose disruption can lead to death.
LockBit previously apologized when one of its affiliates targeted a children's hospital in January, releasing the decryptor for free.
How to Secure NetScaler Accounts from 'Citrix Bleed' Attacks
Beaumont advised users to be careful when accessing the Internet and "know your network boundary and risky products."
Regularly updating devices connected to Citrix NetScaler ADC and Gateway apps is needed to prevent hackers from using the exploits.
Citrix has been deploying patches faster since the vulnerability was reported.
Once the bug is detected in a system, working with authorities and tech experts is recommended to minimize the disruption the group may cause to the business.