‘I Hacked Citrix’ - Mystery Russian ‘w0rm’

Uploaded on 2016-01-26 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Citrix, a US software company, specialising in virtualisation and cloud computing, has reportedly been compromised by a Russian hacker called w0rm.

w0rm is infamous for several attacks over the past five years on a number of high profile targets including the BBC, CNET, Adobe and Bank of America. The identity of the person or group behind w0rm is unknown.

According to a blog post (in Russian), w0rm claims to have been able to gain access to the content management system on the Citrix network via an insecure password. From there, it was able to exploit a series of security holes to gain access to the company's administrative system including the remote assistance system.

Cyberint, a cyber-security intelligence company based in Israel, said it identified the hack in October and promptly tried to notify Citrix.

According to Elad Ben-Meir, vice president of marketing at Cyberint, the company made repeated efforts to notify Citrix but received no response. In addition, the hacker w0rm tweeted Citrix with a link to its blog posting on 25 October 2015 and says it received no response.

SCMagazineUK.com has made several attempts to contact Citrix for a comment today but at the time of publication had not received a reply.

According to Ben-Meir, an analysis of w0rm's attack showed that it had gained access to all of Citrix's customers through the administrative system. This would have enabled an attacker potentially to bypass customers' security systems and upload malware undetected.

“Citrix offer a platform for remote assistance – [w0rm] could if he wanted to – but he didn't actually use it, but if he wanted to he could penetrate every endpoint of Citrix customers out there,” said Ben-Meir.

“Essentially if he had wanted to, he could have put malware into every end user of every Citrix customer which then would allow it to either key-log the things the people type, he could steal sensitive information from those end points, or he could use those endpoints as a botnet to run DDos attacks,” he continued. “A hacker that gains access to that amount of PCs is basically really powerful.”

This would have been “undetectable”, he said up until the point that the attacker tried to activate the malware or exfiltrate data, depending on the security systems installed on the organisation's system.

Ben-Meir said that it was not possible to say whether the vulnerability that w0rm, detailed in its blog, might have been exploited by a previous hacker.

Tony Pepper, CEO of Egress Software, said in an email comment sent to SCMagazineUK.com that this latest episode of hacking calls into question the ability of organisations to deploy effective security.

SC Magazine: http://bit.ly/1SeY5nS

« Bitcoin Developer Says Cryptocurrency Has Failed
Another List Of Top Security Predictions For 2016 »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Help Net Security

Help Net Security

Help Net Security has been a prime resource for information security news and insight since 1998.

Code42

Code42

Code42 CrashPlan, is an enterprise SaaS solution that backs up all distributed end-user data on a single, secure platform.

Texplained

Texplained

Texplained specializes in security audits of microchips to identify vulnerabilities and protect against invasive cyber attacks.

Neoteric Networks

Neoteric Networks

We deliver a no nonsense procedure to implementing technology. The technology selection process ensures that all customers enjoy an engineered methodology implementing technology.

Resolver

Resolver

Resolver’s Integrated Risk Management platform helps plan and prepare your organization to limit the likeliness or impact of security risk and compliance events from occurring.

Asoftnet

Asoftnet

Asoftnet are specialists in IT security, IT forensics, IT service, websites, applications and mobile solutions.

Intellias

Intellias

Intellias is a trusted technology partner to top-tier organizations and digital natives helping them accelerate their pace of sustainable digitalization.

Packetlabs

Packetlabs

Packetlabs specializes in penetration testing services and application security.

ADL Consulting

ADL Consulting

ADL Consulting provide information security-related consultancy and training support to businesses across the UK. Our services include ISO27001, GDPR, Cyber Essentials and training.

Outseer

Outseer

Outseer is a leading technology company in the fight against payments fraud. Outseer reliably determines authentic customers from fraudulent behavior.

Oman Technology Fund (OTF)

Oman Technology Fund (OTF)

Oman Technology Fund aims to make Oman the preferred destination for emerging tech companies in the region, and an attractive and stimulating destination for venture capital.

inWebo

inWebo

inWebo is the specialist in multi-factor strong authentication (MFA). We guarantee the security of data and identities in a digital world with increasingly important economic and political stakes.

Invictus International Consulting

Invictus International Consulting

Invictus International Consulting are a recognized leader in full-spectrum cyber technology solutions designed to protect the security of our nation's global defense and critical infrastructure.

OOKOS

OOKOS

OOKOS was founded in 2023 by a team of cybersecurity veterans who recognized that traditional security models were failing to keep pace with evolving threats.

Texas Cyber Solutions

Texas Cyber Solutions

Texas Cyber Solutions are elite cybersecurity advisors based in Houston, Texas providing network security solutions, penetration testing, and more.

Holiseum

Holiseum

Holiseum delivers innovative cybersecurity solutions for the critical infrastructure organizations, as well as cybersecurity services and consulting.