Threat Intel (HIGH)

Threat Intel - FortiGate RaaS and Citrix Exploits Emerge

The Hacker News

Basically, cybercriminals are using new tricks to exploit software flaws and steal data.

Quick Summary

This week's bulletin highlights emerging threats like FortiGate RaaS operations and Citrix exploits. Organizations are at risk as these vulnerabilities are actively targeted. Stay informed and strengthen your defenses against these evolving cyber threats.

The Threat

This week’s ThreatsDay Bulletin reveals a concerning trend in cybersecurity, with various threat actors exploiting vulnerabilities across multiple platforms. The Gentlemen Ransomware-as-a-Service (RaaS) group is particularly notable, leveraging a critical authentication bypass vulnerability (CVE-2024-55591) in FortiOS/FortiProxy. This group has successfully compromised around 14,700 FortiGate devices globally, targeting organizations since its emergence in mid-2025. Additionally, a new campaign is actively exploiting known flaws in Citrix NetScaler, with over 500 exploit attempts recorded recently, signaling a potential escalation in attacks.

Who's Behind It

The Gentlemen RaaS group, consisting of about 20 members, is at the forefront of these attacks. Their operations stemmed from a payment dispute within the cybercrime community, leading to their aggressive tactics. On the other hand, the Citrix vulnerabilities are being exploited by various actors, indicating a broader interest in targeting legacy systems. This trend is alarming as it reflects a shift towards exploiting older vulnerabilities that organizations may not have patched.

Tactics & Techniques

The tactics employed by these threat actors are varied and sophisticated. For instance, the Gentlemen use the Bring Your Own Vulnerable Driver (BYOVD) technique to evade detection and maintain persistence on compromised devices. In the case of Citrix, the exploitation of CVE-2025-5777 and CVE-2023-4966 shows a clear intent to leverage known weaknesses in widely used systems. Moreover, phishing campaigns impersonating IT staff via platforms like Microsoft Teams are on the rise, exploiting the trust users place in internal communications to gain unauthorized access.

Defensive Measures

Organizations must adopt a proactive approach to mitigate these threats. Regularly updating and patching systems is crucial, especially for those using FortiGate and Citrix products. Implementing multi-factor authentication (MFA) can add an extra layer of security, particularly against phishing attempts. Additionally, raising awareness among employees about the risks of social engineering can help prevent successful attacks. Cybersecurity teams should also monitor for unusual activities and prepare incident response plans to address potential breaches swiftly.

🔒 Pro insight: The uptick in exploitation of legacy vulnerabilities underscores the need for organizations to prioritize patch management and threat monitoring.

