A multi-billion-dollar IT services firm has become the latest victim of the infamous Maze ransomware group after it appeared to target a widely publicized Citrix vulnerability.
New Jersey-headquartered Conduent claims to provide mission-critical services and solutions for “a majority of Fortune 100 companies and over 500 governments.”
The firm admitted in a statement that its European operations were hit by an attack on May 29, early in the morning local time.
“Our system identified ransomware, which was then addressed by our cybersecurity protocols,” it explained. “This interruption began at 12.45 AM CET on May 29 with systems mostly back in production again by 10.00 AM CET that morning, and all systems have since then been restored.”
It said the incident resulted in only “partial interruption” to its services for customers, and an ongoing investigation is being undertaken featuring “internal and external security forensics and anti-virus teams.”
Although Conduent didn’t name its attacker, security researchers have seen Maze post stolen financial data from the firm online as proof of its raid.
Bad Packets claimed that, according to its own research, a Citrix server run by the IT services giant was left unpatched for at least eight weeks.
The Maze group has been observed previously exploiting the CVE-2019-19781 vulnerability in the ADC and Citrix Gateway products, which was first disclosed in December 2019.
The bug can allow an unauthenticated attacker to perform arbitrary code execution on a victim machine.
The Maze group also has previous in this area: hitting IT servi ..
Support the originator by clicking the read the rest link below.
