Citrix has introduced an error that could be used by hackers to gain access to the Australian Department of Defense. Specifically, according to Rachel Noble, which recently became the director of the Australian Signals Directorate (ASD), a bug in Citrix revealed during Christmas, could be used by hackers to gain access to database of the Australian Department of Defense.
On January 24 there were concerns that the Ministry of Defense and the DFRN (Defense Forces Recovery Network) might be vulnerable to possible malicious activity due to the error reported to Citrix. Noble added that ASD believed no data was breached, but efforts were made access on the network where the error occurred. Noble also said it was a mistake that has affected companies worldwide, so it was not the first time it had happened.
As reported by the ABC a few days ago, DFRN was offline and quarantined for 10 days from February 2 to February 12. A source told ABC that the bug was detected before Christmas, and emergency meetings were held twice a day on the matter. The database was run by ManpowerGroup.
Ο CIO Department of Defense spokesman Stephen Pearson said the network in question is an external network and not part of the defense network. Pearson said he did not know if DXC, a ManpowerGroup service provider, ever implemented the patches released by Citrix on January 20th. Finally, Noble has previously stated that it estimates that as of July 1, 2019, ASD receives on average five case reports per day and one report on cybercrime every 10 minutes.