Attackers hacked the US Census Bureau using Citrix exploit

The Office of the Inspector General (OIG) reported that unknown attackers hacked the servers of the US Census Bureau on January 11, 2020.

To do this, a zero-day Citrix ADC vulnerability and a public exploit were used, and the Bureau was unaware of the breach until January 28, 2020.

The Bureau missed opportunities to mitigate a critical vulnerability, which resulted in the exploitation of vital servers. Once the servers had been exploited, the Bureau did not discover and report the incident in a timely manner. Additionally, the Bureau did not maintain sufficient system logs, which hindered the incident investigation. Following the incident, the Bureau did not conduct a lessons-learned session to identify improvement opportunities. We also found that the Bureau was operating servers that were no longer supported by the vendor.OIG representatives talked about the incident.

Census Bureau officials said the compromised servers prevented access to data from the 2020 census. Instead, the servers were intended for remote workers and provided access to production, development, and test networks.

The exploitation of [the vulnerability] was partly successful because an attacker modified the user’s account information in preparation for remote code execution. However, attackers’ attempts to retain access to the system by creating a backdoor on the affected servers were unsuccessful. the OIG report says.

The vulnerability in question is the known critical bug CVE-2019-19781, discovered on December 17, 2019. It affects Citrix Application Delivery Controller (ADC) systems and company gateways. The bug allows an unauthorized attacker to send a specially crafted request that will subsequently grant him the ability to execute arbitrary commands on the server.

After gaining such an opportunity, an attacker can develop his attack, successfully move through the corporate network, and gain access to data stored on the attacked system (information about virtual machines, system users, and so on).

The vulnerability was patched in January 2020, and according to an OIG report, the Census Bureau’s servers turned out to be one of the first targets of hackers, they were hacked on the first day of active exploitation of the bug.

Let me remind you that I just talked about the Chinese hackers attack US organizations and exploit bugs in Citrix.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *