IOC pivotioc · name
CVE-2023-4966 (Citrix Bleed)
RU · RussiaLockBitconfidence · high
LockBit 3.0 affiliates' primary initial-access vector during the October-November 2023 wave documented in joint CISA/FBI/MS-ISAC/ACSC advisory AA23-325A - NetScaler ADC and Gateway session-token theft used against Boeing, ICBC, Allen & Overy, and DP World.
- family
- LockBit
- first seen
- Nov 20, 2023
- publisher
- CISA