{"id":12795,"date":"2020-01-25T00:29:34","date_gmt":"2020-01-24T23:29:34","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=12795"},"modified":"2020-01-25T00:44:58","modified_gmt":"2020-01-24T23:44:58","slug":"cyber-attacks-on-citrix-city-of-brandenburg-and-community-stahnsdorf-offline","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/01\/25\/cyber-attacks-on-citrix-city-of-brandenburg-and-community-stahnsdorf-offline\/","title":{"rendered":"Cyber attacks on Citrix: City of Brandenburg and community Stahnsdorf offline"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/01\/24\/cyber-angriffe-stadt-brandenburg-und-gemeinde-stahnsdorf-offline\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]Both the German city of Brandenburg an der Havel and the municipality of Stahnsdorf in the district of Potsdam-Mittelmark (Germany) have gone offline and turned off their IT systems after a cyber attack and are working in emergency mode. Here too, Citrix ADC\/Netscaler gateways were the cause of successful attacks. <\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg05.met.vgwort.de\/na\/aacddb2184194846a569600da3c55ec6\" width=\"1\" height=\"1\">At the moment, the IT landscape of German authorities, universities and companies is buzzing with activity. Before Christmas, universities like Frankfurt, Gie\u00dfen or Freiburg were hit, and during the last few days so were companies like Gedia and the city of Potsdam. So now other administrations are affected. <\/p>\n<h2>City of Brandenburg is offline<\/h2>\n<p>The German city of Brandenburg an der Havel (located close to Berlin) has shut down its IT systems because of a cyber attack. 
In the tweet below, the press department reports on the incident. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"de\" dir=\"ltr\">Like <a href=\"https:\/\/twitter.com\/LH_Potsdam?ref_src=twsrc%5Etfw\">@LH_Potsdam<\/a>, the city of <a href=\"https:\/\/twitter.com\/hashtag\/Brandenburg?src=hash&amp;ref_src=twsrc%5Etfw\">#Brandenburg<\/a> has also detected a hacker attack via <a href=\"https:\/\/twitter.com\/hashtag\/Citrix?src=hash&amp;ref_src=twsrc%5Etfw\">#Citrix<\/a> &amp; has therefore taken the affected Citrix applications offline. Most of the administrative work is not affected; e-mail traffic continues to work. <a href=\"https:\/\/t.co\/ACV6y9T4to\">https:\/\/t.co\/ACV6y9T4to<\/a> <a href=\"https:\/\/t.co\/BJA922OBAB\">pic.twitter.com\/BJA922OBAB<\/a><\/p>\n<p>\u2014 Stadt Brandenburg an der Havel (@Stadt_BRB) <a href=\"https:\/\/twitter.com\/Stadt_BRB\/status\/1220650577765523459?ref_src=twsrc%5Etfw\">January 24, 2020<\/a><\/p><\/blockquote>\n<p><span id=\"preserve8ea03c538dd742c18f2fc32f493be79a\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span> <\/p>\n<p>The administrative work is not affected and e-mails can be received. The school secretariats, the city forest, the Kirchm\u00f6ser district administration and the local job centre are affected. In these areas the system software has been temporarily taken off the network. <\/p>\n<h2>Municipal administration of Stahnsdorf also offline<\/h2>\n<p>This German <a href=\"https:\/\/www.morgenpost.de\/berlin\/article228233785\/Cyberangriff-Stadt-Brandenburg-teilweise-vom-Netz.html\" target=\"_blank\" rel=\"noopener noreferrer\">site reported<\/a> that the municipal administration of Stahnsdorf (Potsdam-Mittelmark district in Germany) also went offline as a preventive measure yesterday. 
For security reasons (they also use Citrix), the IT of the municipal administration had switched off the connection to the state administration network (LVN). As a result, communication with other authorities is severely restricted or not possible at all.<\/p>\n<h2>Citrix ADC\/NetScaler as a root cause for attacks<\/h2>\n<p>My prophecies of doom have come true. In the article <a href=\"https:\/\/borncity.com\/win\/2020\/01\/24\/ransomware-are-potsdam-and-gedia-are-shitrix-victims\/\">Ransomware: Are Potsdam and Gedia Shitrix victims?<\/a> I proposed that we have not seen the end of the story and that we would see more cases. The press release of the city of Brandenburg now says: <\/p>\n<blockquote>\n<p>A critical system vulnerability has been identified in the Citrix system software used by many government agencies (CVE-2019-19781). Just as in the attack on Potsdam City Hall, a Citrix gateway for handling external system access for city administration employees to the internal employee portal was compromised in the Brandenburg city administration. Specifically, this affects the school secretariats, the city forest, the Kirchm\u00f6ser district administration as well as ARGE\/Jobcenter and HomeOffice accesses. <\/p>\n<\/blockquote>\n<p>So the administrators didn't use a workaround to secure their Shitrix vulnerability on Citrix Netscaler, which I had widely discussed here in the blog. You can read more about the Citrix vulnerability in the following articles. 
<\/p>\n<p><strong>Similar articles:<\/strong><br \/><a href=\"https:\/\/borncity.com\/win\/2019\/12\/24\/schwachstelle-in-citrix-produkten-gefhrdet-firmen-netzwerke\/\">Vulnerability in Citrix Apps put companies at risk<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/13\/poc-for-citrix-adc-netscaler-vulnerability-cve-2019-19781\/\">PoC for Citrix ADC\/Netscaler vulnerability CVE-2019-19781<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/17\/further-actions-required-for-citrix-netscaler-vulnerability\/\">Further actions required for Citrix Netscaler vulnerability<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/24\/citrix-vulnerability-new-updates-and-scanners-for-testing\/\">Citrix vulnerability: New updates and scanners for testing<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/23\/ransomware-befall-beim-automobilzulieferer-gedia\/\">German Automotive Supplier Gedia Ransomware Victim<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/24\/potsdam-offline-ungereimtheiten-erzwingen-server-shutdown\/\">City of Potsdam (Germany) offline \u2013 IT Servers shutdown<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/24\/ransomware-are-potsdam-and-gedia-are-shitrix-victims\/\">Ransomware: Are Potsdam and Gedia Shitrix victims?<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Both the German city of Brandenburg an der Havel and the municipality of Stahnsdorf in the district of Potsdam-Mittelmark (Germany) have gone offline and turned off their IT systems after a cyber attack and are working in emergency mode. 
Here too, &hellip; <a href=\"https:\/\/borncity.com\/win\/2020\/01\/25\/cyber-attacks-on-citrix-city-of-brandenburg-and-community-stahnsdorf-offline\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69],"class_list":["post-12795","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12795","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=12795"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12795\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=12795"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=12795"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=12795"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}