The title is not correct. They used credentials to get access to the vpn. How they moved laterally is obviously the interesting part anyway. Change the title, it gives cover to the lumbering behemoth that fault might lie anywhere besides UnitedHealths corrupt IT.
You are correct. I made a mistake with the title, it should say that access was acquired through a Citrix account without MFA as opposed to a direct Citrix bug. My bad. I will email mods to change it.
This Reuters[0] article is much more specific about saying it was a Citrix vulnerability, but since Citrix has not issued an official statement, it's better to have it changed to the default title.
13 comments
[ 3.0 ms ] story [ 24.6 ms ] threadHackers Broke into Change Healthcare's Systems 9 Days Before Cyberattack (https://news.ycombinator.com/item?id=40127483) - Apr 2024 (27 comments)
BlackCat ransomware group implodes after apparent payment by Change Healthcare (https://news.ycombinator.com/item?id=39610846) - Mar 2024 (162 comments)
UnitedHealth says Change hackers stole health data on ‘substantial proportion of people in America’ (https://techcrunch.com/2024/04/22/unitedhealth-change-health...)
This Reuters[0] article is much more specific about saying it was a Citrix vulnerability, but since Citrix has not issued an official statement, it's better to have it changed to the default title.
[0]: https://www.reuters.com/technology/cybersecurity/unitedhealt...
(Submitted title was "UnitedHealth hackers exploited Citrix bug, CEO says")
And then Verizon allegedly allowed it to happen again a few days later after they had thought the original phones/sims shut down