
Rewterz Threat Alert – Citrix Network Breached

March 14, 2019

Severity

High

Analysis Summary

Citrix has confirmed that its network was breached and that the attackers managed to get their hands on “business documents”, according to its CISO (Chief Information Security Officer).

“The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.”

It is likely that the attackers used password spraying, a tactic that exploits weak passwords by trying a small set of common passwords across many accounts. Once they gained a foothold with limited access, they worked their way into additional layers of the network, compromising at least “6TB” of data and finding ways to bypass two-factor authentication (2FA) and single sign-on (SSO) to gain further unauthorized access to VPN (Virtual Private Network) channels.
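Password spraying, as described above, shows up in authentication logs as one source failing against many distinct accounts in a short window, followed by a success on one of them. The following is an added example (not Rewterz's code or tooling) that applies that heuristic to a few constructed log lines; the log format, field order and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (assumed format: ISO timestamp, source IP, username, result).
SAMPLE_LOG = """\
2019-03-10T02:00:01 203.0.113.7 alice FAIL
2019-03-10T02:00:02 203.0.113.7 bob FAIL
2019-03-10T02:00:03 203.0.113.7 carol FAIL
2019-03-10T02:00:04 203.0.113.7 dave FAIL
2019-03-10T02:00:05 203.0.113.7 erin FAIL
2019-03-10T02:00:06 203.0.113.7 frank SUCCESS
2019-03-10T02:00:07 198.51.100.9 alice FAIL
2019-03-10T02:00:08 198.51.100.9 alice FAIL
2019-03-10T02:00:09 198.51.100.9 alice SUCCESS
"""

def parse_line(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result

def detect_spray(log_text, window=timedelta(minutes=10), min_accounts=5):
    """Return {src_ip: sorted accounts} for sources whose failed logins hit at
    least `min_accounts` distinct accounts inside any `window`. Many failures
    on a single account (classic brute force) do not trip this check."""
    failures = defaultdict(list)  # ip -> [(timestamp, user)]
    for line in log_text.splitlines():
        ts, ip, user, result = parse_line(line)
        if result == "FAIL":
            failures[ip].append((ts, user))
    hits = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_accounts:
                hits[ip] = sorted(users)
                break
    return hits

def successes_from_sprayers(log_text, hits):
    """Accounts that authenticated successfully from a flagged source: the foothold."""
    out = defaultdict(list)
    for line in log_text.splitlines():
        _, ip, user, result = parse_line(line)
        if ip in hits and result == "SUCCESS":
            out[ip].append(user)
    return dict(out)
```

On the sample above, 203.0.113.7 is flagged (five accounts in six seconds) and `frank` is reported as the account it got into, while 198.51.100.9 is not flagged because every failure targets the same account.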

Impact

  • System access
  • Loss of credentials
  • Loss of sensitive information
  • Network intrusion
  • Data exfiltration

Indicators of Compromise

IP(s) / Hostname(s)

Affected Vendors

Citrix Systems

Remediation

  • Block threat indicators at your respective controls.
  • Prevent users from choosing common passwords.
  • Deploy alternative passwords where possible.
  • Enforce multi-factor authentication on externally reachable endpoints.
  • Provide pragmatic advice to users on how to choose good passwords.