Kevin Beaumont: "LockBit victims currently runn…" - Cyberplace

Recent searches

Search options

Only available when logged in.

Kevin Beaumont @GossiTheDog@cyberplace.social

LockBit victims currently running incidents with Citrix Netscaler initial entry, by sector: finance, freight, legal, defence #threatintel

Nov 11, 2023, 12:45 PM·

8boosts·26favorites

Kevin Beaumont @GossiTheDog

Kevin Beaumont @GossiTheDog

Boeing had unpatched Citrix Netscaler at time of their Lockbit incident, per Shodan data.

Kevin Beaumont @GossiTheDog

The Boeing #CitrixBleed incident led to a $200m ransom demand: https://cyberscoop.com/boeing-confirms-attempted-200-million-ransomware-extortion-attempt/

CyberScoop · May 8, 2024Boeing confirms attempted $200 million ransomware extortion attemptBy AJ Vicens

Kevin Beaumont @GossiTheDog

Prior recaps on #CitrixBleed and LockBit by me: https://doublepulsar.com/lockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee

https://doublepulsar.com/mass-exploitation-of-citrixbleed-vulnerability-including-a-ransomware-group-1405cbb9de18

https://doublepulsar.com/what-it-means-citrixbleed-ransom-group-woes-grow-as-over-60-credit-unions-hospitals-47766a091d4f

DoublePulsar · Nov 13, 2023LockBit ransomware group assemble strike team to breach banks, law firms and governments.By Kevin Beaumont

Kevin Beaumont @GossiTheDog

I got in loads of trouble for writing those blogs, but looking back I think they stand up, were important and helped defuse a situation where people weren’t paying enough attention.

Peter Bindels @dascandy42@mastodon.social

@GossiTheDog SSLv3 ? Are they running a honeypot or what?

Andres Martinez @admrotob@infosec.exchange

@GossiTheDog oo la la thank you

Andy Green, Ph.D. :verified: @andygreenphd@infosec.exchange

@GossiTheDog how did you get in trouble for the blog posts?

Drag & drop to upload