Cyber attacks on Citrix: City of Brandenburg and community Stahnsdorf offline

[German]Both the German city of Brandenburg an der Havel and the municipality of Stahnsdorf in the district of Potsdam-Mittelmark (Germany) have gone offline and turned off their IT systems a cyber attack and are working in emergency mode. Here too, Citrix ADC/Netscaler gateways were the cause of successful attacks.


At the moment, the IT landscape of German authorities, universities and companies is buzzing with activity. Before Christmas, universities like Frankfurt, Gießen or Freiburg were hit, and during the last days were companies like Gedia and the city of Potsdam. So now other administrations are affected.

City of Brandenburg is offline

The German city of Brandenburg an der Havel (located clos to Berlin) has shut down its IT systems because of a cyber attack. In the tweet below, the press department informs about the incident.

The administrative work is not affected and e-mails can be received. The school secretariats, the city forest, the Kirchmöser district administration and the local job centre are affected. In these areas the system software has been temporarily taken off the network.

Also the municipal administration of Stahnsdorf offline

This German site reported, that the municipal administration of Stahnsdorf (Potsdam-Mittelmark district in Germany) also went offline as a preventive measure yesterday. For security reasons (they also use Citrix), the IT of the municipal administration had switched off the connection to the state administration network (LVN). As a result, communication with other authorities is severely restricted or not possible at all.


Citrix ADC/NetScaler as a root cause for attacks

My prophecies of doom have come true. In the article Ransomware: Are Potsdam and Gedia Shitrix victims? I proposed, the we have not seen the end of the story and that we would see more cases. In the press release of the city of Brandenburg it says now:

A critical system vulnerability has been identified in the Citrix system software used by many government agencies (CVE-2019-19781). Just as in the attack on Potsdam City Hall, a Citrix gateway for handling external system access for city administration employees to the internal employee portal was compromised in the Brandenburg city administration. Specifically, this affects the school secretariats, the city forest, the Kirchmöser district administration as well as ARGE/Jobcenter and HomeOffice accesses.

So the administrators didn't use a workaround to secure their Shitrix vulnerability on Citrix Netscaler, which I had widely discussed here in the blog. You can read more about the Citrix vulnerability in the following articles.

Similar articles:
Vulnerability in Citrix Apps put companies at risk
PoC for Citrix ADC/Netscaler vulnerability CVE-2019-19781
Further actions required for Citrix Netscaler vulnerability
Citrix vulnerability: New updates and scanners for testing
German Automotive Supplier Gedia Ransomware Victim
City of Potsdam (Germany) offline – IT Servers shutdown
Ransomware: Are Potsdam and Gedia Shitrix victims?

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Software and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *