Shitrix: Hackers target unpatched Citrix systems over weekend

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Shitrix: Hackers target unpatched Citrix systems over weekend
Over the last few days hackers have made multiple attempts to exploit a critical vulnerability found in Citrix technology, used by tens of thousands of businesses worldwide.

Citrix Application Delivery Controller and Citrix Gateway servers (formerly known as Netscaler ADC and Netscaler Gateway respectively) were found to contain a security vulnerability in December that “could allow an unauthenticated attacker to perform arbitrary code execution.”

Citrix has not at the time of writing released a patch for the critical vulnerability, which is officially called CVE-2019-19781 but also goes by the more colloquial moniker of “Shitrix”.

Instead the company has detailed a series of mitigation steps until permanent fixes in the form of firmware updates are made available – hopefully by the end of the month.

Sign up to our free newsletter.
Security news, advice, and tips.

Unfortunately proof-of-concept code that has been published on the internet demonstrating how the vulnerability can be exploited now appears to be being used to target vulnerable Citrix appliances, as researchers Troy Mursch and Kevin Beaumont report.

Mursch says that a scan he conducted found over 25,000 vulnerable Citrix systems, in 122 countries across the globe. Affected organisations include government and military agencies, public universities, hospitals, and financial institutions.

One fear is that an attacker might exploit the flaw to spread a ransomware or cryptomining attack.

If you are responsible for securing your company’s infrastructure, follow Citrix’s mitigation recommendations now to prevent the Shitrix from hitting the fan in your organisation, and ready yourself to update the firmware as soon as the official patches come out.

Further reading: Hackers close Shitrix security hole to keep everyone out apart from themselves


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.