Hackers are selling access to 900 Citrix servers including XenMobile servers belonging to big companies worldwide
A few days ago we reported that Cross-Site Scripting (XSS) vulnerabilities had been discovered in Citrix software, allowing remote hackers to take over Citrix-run servers. We also reported a critical flaw in Citrix Systems' XenMobile servers that lets hackers steal confidential information. It seems that these vulnerabilities have been exploited in the wild by threat actors.
Hackers are selling access to as many as 900 Citrix servers on dark web hacker forums. The list was first reported by Bank Security researchers, who state that the listed Citrix servers include a U.S.-based cooperative bank, as well as government organizations, telecommunications and IT services companies around the world.
A Threat Actor is selling over 900 Citrix access.
Among the victims there is a Credit Union Bank in the U.S. 🇺🇸 and different Government, Telco, IT & Cloud companies from various countries around the world🌐.
The victim bank and a partial list of victims have been identified! pic.twitter.com/tBARiVMATO
— Bank Security (@Bank_Security) August 27, 2020
Citrix Systems servers power the websites of many big tech companies around the world, including many US companies. Citrix offers software solutions for virtualization, computer network construction, and cloud computing services, including open-source XenMobile servers. It is estimated that at least 230,000 organizations around the world currently use some of Citrix’s solutions.
Citrix has not commented on the latest data breach news. Bank Security has not given any further information about who made the listing or the sale price.
A week ago, another hacker posted an ad on dark web hacker forums to sell a Citrix database that allegedly contained about 2 million records of the company’s customers. The database, identified as citrix_leads_vivo, was on sale for 2.15 Bitcoin (about $20,000 USD at the current exchange rate).