November 21, 2023

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability

November 21, 2023

What we know so far

This Cybersecurity Advisory, part of the #StopRansomware campaign, is jointly issued by CISA, FBI, MS-ISAC, and ASD's ACSC. It focuses on the LockBit 3.0 ransomware, which exploits the Citrix Bleed (CVE 2023-4966) vulnerability in Citrix NetScaler systems. The advisory shares observed Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) with insights from Boeing's experience with LockBit 3.0. It highlights the ransomware's impact across multiple sectors. It advises network administrators on mitigation strategies, including isolating affected systems and applying updates, while encouraging network defenders to utilize the advisory's detection methods to identify and respond to potential threats.

Arrow Right

Schedule a test

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories