DP World cyber attack thread. It’s ransomware, entry point is Citrix NetScaler #CitrixBleed. https://www.theage.com.au/national/ports-to-remain-closed-as-afp-investigates-cybersecurity-breach-20231111-p5ej9i.html
Here’s their Citrix NetScaler, on Monday it was still unpatched. https://beta.shodan.io/host/202.8.92.29
DP World’s Citrix NetScaler is now offline.
@GossiTheDog Their OWA is also offline (duh)
I can't be arsed to check whether the two RDP things in UAE are still connectable. The [old?] Sophos & SonicWall boxes are still there though.
Wouldn't surprise me if the ransomware people are still connected & poking around.
(DPW is apparently Dubai based)