all InfoSec news
Stolen Citrix Credentials Led to Change Ransomware Attack
Malware Analysis, News and Indicators - Latest topics malware.news
Threat actors behind the Change Healthcare ransomware attack in February were able to gain initial access by leveraging compromised credentials for a Citrix remote access portal, which didn’t have multi-factor authentication enabled. The initial access vector behind the attack was revealed in a new testimony document from Andrew Witty, CEO of Change’s parent company UnitedHealth Group, before he attends a Wednesday hearing by the House Energy and Commerce subcommittee.
The issue of compromised credentials continues to haunt organizations, especially as …
access attack authentication ceo change change healthcare citrix compromised compromised credentials credentials document factor february healthcare healthcare ransomware attack initial access led multi-factor multi-factor authentication portal ransomware ransomware attack remote access stolen testimony threat threat actors