ACSC flags vulnerability used to breach DP World as critical

The vulnerability used by threat actors to bring down major Australian port operator DP World has been flagged as critical by the Australian Cyber Security Centre (ACSC).

Daniel Croft
Thu, 16 Nov 2023

The ACSC issued an alert that it is tracking vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway, one of which was used by threat actors to breach DP World.

The vulnerability, according to the ACSC, “may allow a malicious actor to exploit a vulnerability to obtain sensitive information disclosure and conduct session hijacking”.

“The ASD’s ACSC has assessed that there is significant exposure to these Citrix NetScaler ADC and NetScaler Gateway vulnerabilities in Australia and that any future exploitation would have significant impact to Australian systems and networks,” the ACSC said.


Exploitation of the vulnerability, which was dubbed CitrixBleed by researchers, has been observed since August, with Citrix patching it in October.

However, as researcher Kevin Beaumont demonstrated in a post on his blog, DP World continued to run Citrix NetScaler without patching it, despite the urgency.

The Shodan search engine, as observed by ITWire, also shows that on 6 November, the company had not patched CitrixBleed.

Other organisations that fell victim to hacks due to the unpatched vulnerability include Boeing and the Industrial and Commercial Bank of China, both of which were hit by LockBit.

Currently, there is no conclusive evidence to say who launched the attack on DP World. However, ITWire was told that it could have been LockBit or Medusa.

DP World was hit earlier in the year by the Clop ransomware group, as part of the GoAnywhere breach, but there is nothing to indicate that the two attacks are connected.

DP World resumed operations on Monday (13 November), with the disruption lasting a total of three days from 10 to 13 November, affecting ports in Brisbane, Melbourne, Perth and Sydney.

“The resumption of port operations does not mean that this incident has concluded,” said the company.

“DP World Australia’s investigation and ongoing remediation work are likely to continue for some time.”

The ACSC also flagged vulnerability CVE-2023-3519, which it said would allow “a malicious actor to exploit a vulnerability and execute code remotely without authentication”.

For both vulnerabilities, Australian organisations are advised to review their networks for instances of Citrix NetScaler ADC and NetScaler Gateway. Those that find vulnerable instances should install the updated versions as soon as possible.

The ACSC added that it is also tracking three additional vulnerabilities – CVE-2023-3467, CVE-2023-3466 and CVE-2023-4967, all of which have been flagged as critical.

For more information on the additional vulnerabilities, head to the Citrix website.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
