threatintel
actor tracker
IOC pivot
ioc · name

CVE-2023-4966 (Citrix Bleed)

RU · RussiaLockBitconfidence · high

LockBit 3.0 affiliates' primary initial-access vector during the October-November 2023 wave documented in joint CISA/FBI/MS-ISAC/ACSC advisory AA23-325A - NetScaler ADC and Gateway session-token theft used against Boeing, ICBC, Allen & Overy, and DP World.

family
LockBit
first seen
Nov 20, 2023
publisher
CISA
source citation