What do Boeing, an Australian shipping company, the world’s largest bank, and one of the world’s biggest law firms have in common? All four have suffered cybersecurity breaches, most likely at the hands of teenage hackers, after failing to patch a critical vulnerability that security experts have warned of for more than a month, according to a post [doublepulsar.com] published Monday.
All four companies have confirmed succumbing to security incidents in recent days, and China’s ICBC has reportedly [reuters.com] paid an undisclosed ransom in exchange for encryption keys to data that has been unavailable ever since.
After the CitrixBleed exploit grants initial remote access through software known as Virtual Desktop Infrastructure [vmware.com], LockBit escalates its access to other parts of the compromised network using tools such as Atera [arstechnica.com], which provides interactive PowerShell interfaces that don’t trigger antivirus or endpoint detection alerts. This access remains even after CitrixBleed is patched unless administrators take special actions.