Cyber Security News

Hackers Breached US Census Bureau in 2020 Using Citrix Exploit

According to the report published by the US Office of Inspector General (OIG), on January 11, 2020, the servers operated by the US Census Bureau were attacked using a publicly available exploit.

These servers provided remote-access capabilities for the Bureau's enterprise staff to reach its production, development, and lab networks.

The Attack On The Servers Operated By the US Census Bureau

The report says the exploit was partially successful, in that the attacker modified user account data on the systems to prepare for remote code execution. Still, the attacker’s attempts to maintain access to the system by creating a backdoor into the affected servers were unsuccessful.

The Census Bureau did not take steps to limit its online system's vulnerability before the attack and did not discover what happened in a timely fashion, the Associated Press reported.

The bureau's firewalls prevented the hackers from maintaining access to the system, but while they did have access they were still able to make changes, such as creating user accounts, the watchdog report said.

The probe also found that the agency did not keep proper system logs, which hindered the investigation into the hack. None of the information related to the 2020 census was changed during the cyberattack.

“Furthermore, no systems or data maintained and managed by the Census Bureau on behalf of the public were compromised, manipulated, or lost,” said Acting Census Bureau Director Ron Jarmin.

The vulnerability, tracked as CVE-2019-19781, was found by Mikhail Klyuchnikov of Positive Technologies. Proof-of-concept exploits for the vulnerability were published shortly after scans for vulnerable Citrix web servers had been observed.

The report states that the US Census Bureau’s servers were compromised immediately after PoC exploits became available in the wild. The Bureau was not able to discover the intrusion until January 28, 2020, more than 2 weeks later.

“The Bureau was not aware that the servers had been compromised until January 28, 2020, more than 2 weeks later. We found that this delay occurred because, at the time of the incident, the Bureau was not using a security information and event management tool (SIEM) to proactively alert incident responders of suspicious network traffic”, states the report.
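The report faults the Bureau for having no tool that alerted responders to suspicious traffic. As an added illustration (not from the OIG report, the article, or any Bureau system), here is the kind of rule a SIEM would run over remote-access gateway logs: it URL-decodes each request path and flags the condition that Citrix's published mitigation for CVE-2019-19781 keyed on, a decoded URL that reaches `/vpns/` through a `/../` segment. The log layout and log lines are constructed for the example, and the discovery date is the one the report gives.

```python
import re
from datetime import datetime, timezone
from urllib.parse import unquote

# Constructed access-log lines in a combined-log-like layout (not real Bureau data).
SAMPLE_LOG = """\
203.0.113.5 - - [11/Jan/2020:03:14:07 +0000] "GET /vpn/index.html HTTP/1.1" 200 5120
203.0.113.9 - - [11/Jan/2020:03:15:22 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 83
203.0.113.9 - - [11/Jan/2020:03:15:40 +0000] "GET /vpn/%2e%2e/vpns/cfg/smb.conf HTTP/1.1" 200 83
198.51.100.2 - - [11/Jan/2020:03:16:01 +0000] "GET /logon/LogonPoint/index.html HTTP/1.1" 200 7700
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Date the report says the Bureau became aware of the compromise.
NOTICED_AT = datetime(2020, 1, 28, tzinfo=timezone.utc)

def is_traversal_into_vpns(path: str) -> bool:
    """Same condition as Citrix's responder-policy mitigation: the decoded URL
    contains '/vpns/' reached via a '/../' segment. Decoding twice also catches
    double-encoded dots such as '%252e%252e'."""
    decoded = unquote(unquote(path))
    return "/vpns/" in decoded and "/../" in decoded

def find_exploit_attempts(log_text: str) -> list[dict]:
    """Return one record per request that matches the traversal signature."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count these separately
        if is_traversal_into_vpns(m["path"]):
            hits.append({"ip": m["ip"], "when": datetime.strptime(m["ts"], TS_FMT),
                         "method": m["method"], "path": m["path"],
                         "status": int(m["status"])})
    return hits

def detection_lag_days(hits: list[dict], discovered_at: datetime) -> float:
    """Days between the first flagged request and when responders actually noticed."""
    if not hits:
        return 0.0
    first = min(h["when"] for h in hits)
    return (discovered_at - first).total_seconds() / 86400

if __name__ == "__main__":
    attempts = find_exploit_attempts(SAMPLE_LOG)
    for h in attempts:
        print(f"{h['when']:%Y-%m-%d %H:%M:%S} {h['ip']} {h['method']} {h['path']} -> {h['status']}")
    # With alerting, the lag is minutes; without it, the gap looks like the Bureau's.
    print(f"detection lag without alerting: {detection_lag_days(attempts, NOTICED_AT):.1f} days")
```

A 200 status on a flagged request is the signal worth paging on: the traversal was served rather than blocked.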

The investigators say “The team was consumed with responding to data requests from outside entities, which interfered with holding a lessons-learned session”.

“Furthermore, after reviewing Bureau incident response policies and procedures, we were unable to locate any requirement or guideline prescribing the timeframe in which to hold a lessons-learned session.”



Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.
