Chinese group APT 41 seen to be exploiting Citrix and Cisco


Cybersecurity company FireEye outlined successful attacks by a Chinese group called APT 41 against Citrix and Cisco equipment in the first two months of 2020, targeting more than 75 FireEye customers, including manufacturers, media companies, and healthcare organizations.

It appears that APT 41 accelerated its efforts by exploiting software vulnerabilities in both companies' products, issues that both Citrix and Cisco indicated they fixed.



Beyond the source of the attacks and theories about why APT 41 escalated efforts in the past three months, the target of the attacks is most important from a cyber governance perspective. Companies globally, across all sectors, have almost uniformly adopted some degree of digital transformation, including outsourcing certain IT functions to third parties. Cisco is renowned for providing the connective tissue for a company’s digital operations and the internet at large. Citrix—one of the world’s largest networking and remote access technology companies—announced patches for a known vulnerability more than one month after it was disclosed. It is a $15BN company that more than 400,000 companies, including many of the Fortune 500, rely upon to keep their data safe and networks secure. In January this year, FireEye called out Citrix for belated vulnerability patching related to a malware exploit, so this latest news is an indication of continued problems.

These incidents may not prove to have a significant financial impact on any one of the affected companies. But, from a cyber governance perspective, attacks like this underline the fundamental weakness in many companies’ digital infrastructure. They are emblematic of the significant downside risks that companies undertaking digital transformation face but often do not explicitly recognize. Boards and C-suites have been happy with the productivity and cost efficiencies of such outsourcing, but this has come at the cost of weaker security for many companies. This translates to a loss in enterprise value regardless of whether a public breach is announced.

As Cyberhedge highlighted previously, third-party cloud providers and managed service providers are now critical infrastructure for the world’s most valuable companies—as they go, so go their customers.
