How the U.S. Census Bureau was hacked via the CVE-2019-19781 Citrix vulnerability, one of the most exploited vulnerabilities of the past two years

A recent report confirms that unidentified threat actors broke into U.S. Census Bureau servers in early 2020 after exploiting a known, dangerous vulnerability. A representative of the agency said the attackers reached the Decennial Census networks, although they could not access the information stored in those systems.

Still, a report from the Office of the Inspector General (OIG) notes that the hackers gained access to the agency's servers used to let employees reach the internal network remotely, a kind of access that grew during the pandemic.

Although OIG officials wrote the name of the server vendor in their report, other information in the document suggests that the hackers exploited a known vulnerability in the Citrix ADC gateway servers used by the Census Bureau. Tracked as CVE-2019-19781, this flaw allows threat actors to bypass authentication on Citrix ADC devices and execute malicious code on affected systems.

Citrix published a security advisory for this flaw in December 2019, together with mitigation steps to reduce the risk of exploitation while the security patches were being prepared. By the time the patches were released in January 2020, multiple active exploitation attempts had already been detected.

The Census Bureau was one of these incidents: researchers estimate that the agency's Citrix deployments were compromised during the first day of active exploitation of the flaw.

In its report, the OIG notes that while the Census Bureau's firewalls managed to contain the attack, the agency failed to prevent the exploitation of CVE-2019-19781 and was also still running some end-of-life Citrix deployments.
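Compromises like the one described above are usually first visible in the gateway's web access logs. The following is an added example, not code from the OIG report, Citrix or this article: it scans constructed Common Log Format lines for the request pattern that Citrix's published mitigation for CVE-2019-19781 filtered on (a path reaching `/vpns/` through a `/../` traversal). The function names, the sample log lines and the client addresses are all constructed for illustration; the pattern is taken from the vendor's public mitigation guidance, not from this article.

```python
"""Flag CVE-2019-19781 probing in constructed web-server access logs (added example)."""
import re
from urllib.parse import unquote

# Constructed access-log lines in Common Log Format. None of this is real traffic;
# the addresses are from the 203.0.113.0/24 documentation range.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2020:02:14:07 +0000] "GET /vpn/index.html HTTP/1.1" 200 5120
203.0.113.11 - - [10/Jan/2020:02:14:09 +0000] "GET /vpn/../vpns/example HTTP/1.1" 200 1337
203.0.113.12 - - [10/Jan/2020:02:14:11 +0000] "POST /vpn/%2e%2e/vpns/example HTTP/1.1" 200 42
203.0.113.13 - - [10/Jan/2020:02:14:13 +0000] "GET /vpns/portal/login HTTP/1.1" 200 2048
203.0.113.14 - - [10/Jan/2020:02:14:15 +0000] "GET /logon/LogonPoint/index.html HTTP/1.1" 200 8192
"""

# Minimal Common Log Format parser: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_path(path: str, rounds: int = 2) -> str:
    """Percent-decode a request path, bounded to a few rounds.

    Citrix's responder policy matched the *decoded* URL, so a scanner that
    compares raw bytes misses "%2e%2e" spellings of "..". A bounded loop also
    catches a double-encoded "%252e" without risking an endless decode.
    """
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_cve_2019_19781_probe(path: str) -> bool:
    """True when the decoded path reaches /vpns/ via a /../ traversal.

    The vendor policy also flagged /vpns/ requests from unauthenticated
    sessions, but access logs carry no session state, so only the traversal
    half of that condition is checked here.
    """
    decoded = decode_path(path)
    return "/vpns/" in decoded and "/../" in decoded


def scan_log(text: str) -> list[dict]:
    """Return one record per log line that looks like a CVE-2019-19781 probe."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        if is_cve_2019_19781_probe(m["path"]):
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "method": m["method"],
                "path": m["path"],
                "status": int(m["status"]),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        # A 200 status on a traversal request is the worrying case: the
        # appliance served the path instead of rejecting it.
        print(f"{hit['ts']} {hit['ip']} {hit['method']} {hit['path']} -> {hit['status']}")
```

Legitimate `/vpn/` and `/vpns/portal/` requests pass through untouched; only the two traversal requests, one plain and one percent-encoded, are reported. Running a check like this over historical gateway logs is how an agency can establish whether exploitation occurred before the patch was applied.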

Cybersecurity specialists point out that CVE-2019-19781 became one of the most exploited security flaws of recent years. According to the Cybersecurity and Infrastructure Security Agency (CISA), hacking groups of every kind have exploited this vulnerability, from ransomware operations and cyber espionage units to thieves of sensitive information.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.