Citrix Vulnerabilities Exploited in Ransomware Attacks Targeting US Small Businesses


Threat actors from the Royal ransomware group are suspected of exploiting a critical vulnerability in two Citrix products to launch an attack on a small business in the United States, according to researchers from At-Bay.

The vulnerability, listed as CVE-2022-27510, allows attackers to bypass authentication measures in the technology company’s application delivery controller and gateway products.

This appears to be the first known exploit of this particular Citrix vulnerability, which the company first disclosed in November.

The ransomware group Royal first emerged in January 2022 and became one of the most prolific ransomware actors that year. By November, Royal overtook LockBit as the most active threat group in the world, according to NCC Group research.

According to Avertium research, Royal is an experienced group that typically targets organizations in the United States, using malicious attachments or malvertising to spread malware.

The group used malicious Google ads to spread the BatLoader malware. Unlike some other organizations, Royal does not operate as a ransomware-as-a-service provider and therefore has no affiliates.

According to Avertium, the group initially used the BlackCat group’s encryptor but switched to its own Zeon encryptor and left ransom notes believed to be similar to those left by Conti.

The group claimed responsibility for the November attack on British motor racing circuit Silverstone.

A spokesman for Citrix could not be immediately reached.
