NSA Exposes Chinese Hackers Exploiting Zero-Day Citrix Flaw


Virtualization technology giant Citrix on Tuesday rushed out an emergency patch for a zero-day flaw in its networking product line and warned that a Chinese hacking group has already been caught exploiting the vulnerability.

In a critical-severity bulletin, Citrix alerted users to CVE-2022-27518, a pre-auth remote code execution bug affecting the Citrix ADC and Citrix Gateway network appliances. Concurrently with Citrix’s release of the emergency fix, the US government’s National Security Agency (NSA) linked the in-the-wild zero-day attacks to APT5, a Chinese hacking group infamous for attacking telecommunications and technology companies.


The flaw, according to Fortinet, is a serious memory corruption issue that lets a “remote unauthenticated attacker” run malicious software or issue commands on a target system.
