Active exploitation of Citrix ADC and Gateway Critical Remote Code Execution Vulnerability by Suspected Chinese APT5 (CVE-2022-27518)
Common Information
Type Value
UUID cd850cca-af26-4ede-8db0-57e5b739cccb
Fingerprint b41434578d455ccf
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 15, 2022, 12:11 a.m.
Added to db Nov. 6, 2023, 6:31 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Active exploitation of Citrix ADC and Gateway Critical Remote Code Execution Vulnerability by Suspected Chinese APT5 (CVE-2022-27518)
Title Active exploitation of Citrix ADC and Gateway Critical Remote Code Execution Vulnerability by Suspected Chinese APT5 (CVE-2022-27518)
Detected Hints/Tags/Attributes 40/2/15
RSS Feed
Id Enabled Feed title Url Added to db
205 Kudelski Security Research https://research.kudelskisecurity.com/feed/ 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 60
cve-2022-27518
Domain 67
www.tenable.com
Domain 2
local0.info
Domain 36
media.defense.gov
Domain 571
www.cve.org
File 5
ns.log
File 2
local0.inf
File 3
csa-apt5-citrixadc-v1.pdf
Mandiant Uncategorized Groups 13
UNC2630
Threat Actor Identifier - APT 41
APT5
Url 1
https://www.tenable.com/plugins/nessus/73204
Url 1
https://support.citrix.com/article/ctx474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518
Url 3
https://media.defense.gov/2022/dec/13/2003131586/-1/-1/0/csa-apt5-citrixadc-v1.pdf
Url 564
https://www.cve.org/cverecord?id=cve
Url 1
https://www.mandiant.com/resources/blog/updates-on-chinese-apt-compromising-pulse-secure-vpn-devices