Attackers Now ‘Scanning Extensively’ for Citrix Bleed 2 www.databreachtoday.com/attackers…
Ransomware Group Among Attackers Focused on Exploiting Citrix NetScaler Flaw.
Threat intelligence platform GreyNoise Intelligence last week reported seeing exploit attempts start by June 23.
Beaumont said organizations he works with retrospectively found in their logs IP addresses tied to known exploitation activity, which first appeared by mid-June.
“One of the IP addresses executing attacks in mid-June has been linked to the RansomHub ransomware group by CISA last year - this IP has been observed dumping memory and replaying session cookies to validate them,” he said. As a result, “even if you did already patch, unless you patched extremely early, you probably need to check for signs of exploitation.”