Cloud lateral movement via Citrix cookie

Type

Incident

Actors

❓Unknown

Pub. date

December 15, 2023

Initial access

End-user compromise

Impact

Data exfiltration

Observed techniques

Erase logsDisable loggingReverse shell

References

https://www.gem.security/post/uncovering-hybrid-cloud-attacks-through-intelligence-driven-incident-response-part-2-the-attackhttps://www.gem.security/post/uncovering-hybrid-cloud-attacks-through-intelligence-driven-incident-response-part-3-the-response

Status

Stub

Last edited

Jun 2, 2024 8:02 AM