Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Citadel Trojan Linked to Attacks on VPN at International Airport

Citadel Trojan Targeting Airport VPNs

Trusteer is reporting that they have discovered a new attack utilizing the Citadel Trojan. According to a blog post from the security firm, Citadel is targeting an enterprise VPN belonging to a major international airport, but they have withheld the name.

Citadel Trojan Targeting Airport VPNs

Trusteer is reporting that they have discovered a new attack utilizing the Citadel Trojan. According to a blog post from the security firm, Citadel is targeting an enterprise VPN belonging to a major international airport, but they have withheld the name.

Unfortunately, because the airport isn’t listed, the story opens itself to FUD – easily allowing anyone to claim that all VPN users within a given airport hub are at risk. However, that isn’t the case.

The Citadel attack is targeting airport employees – not passengers – in order to steal the credentials needed to access the airport’s VPN and internal applications. It’s also worth noting that these applications are not the ones used to fly the planes or anything so terroristic, more than likely the stolen authentication can be used within the reservation system, time clock, payroll, etc. Trusteer would not comment on the systems available to VPN access.

“This attack uses a combination of form grabbing and screen capture technologies to steal the victim’s username, password, and the one-time passcode generated by a strong authentication product (we have also contacted this vendor),” the blog post explains.

“This is a clever use of form grabbing and screen grabbing techniques by attackers. It also demonstrates how enterprises that rely on strong authentication approaches are still at risk from targeted attacks if they lack cybercrime prevention security on endpoint devices.”

Again, this does not appear to be a terrorism threat. Despite the blog itself mentioning the “potential impact on air travel, security, and border control,” even if the attack was successful it is unlikely the systems targeted would threaten anyone, unless overbooked flights and data theft count as an airline safety issue.

Either way, the airline suspended VPN access after they were alerted to the problem.

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.