NSA APT5: Citrix ADC Threat Hunting Guidance

  • 1.  NSA APT5: Citrix ADC Threat Hunting Guidance

    Posted Dec 13, 2022 10:39:00 PM
    Hi All,

    NSA just published APT5: Citrix ADC Threat Hunting Guidance.

    APT5 has demonstrated capabilities against Citrix® Application Delivery Controller™ (ADC™) deployments ("Citrix ADCs"). Targeting Citrix ADCs can facilitate illegitimate access to targeted organizations by bypassing normal authentication controls. As such, NSA, in collaboration with partners, has developed this threat-hunting guidance to provide steps organizations can take to look for possible artifacts of this type of activity. Please note that this guidance does not represent all techniques, tactics, or procedures (TTPs) the actors may use when targeting these environments. This activity has been attributed to APT5, also known as UNC2630 and MANGANESE.

    Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA