Dive Brief:
- About 60 credit unions are contending with outages due to a ransomware attack against Trellance, a third-party IT vendor for the industry, the National Credit Union Administration said Friday.
- Trellance-owned Ongoing Operations told affected credit unions it was the target of a ransomware attack on Nov. 26, Joseph Adamoli, acting director and media relations manager at NCUA, said in an email. FedComp, another Trellance-owned unit serving credit unions, also reported a nationwide outage.
- Ongoing Operations said the incident is isolated to a segment of its network. “The investigation to determine what impact this incident may have had on information stored on our network systems is ongoing,” the company said in a Friday statement.
Dive Insight:
The ransomware attack appears to be linked to a critical and widely exploited vulnerability in Citrix networking products, CVE-2023-4966, which is also dubbed CitrixBleed, according to cybersecurity researcher Kevin Beaumont.
“Ongoing Operations’ two Netscaler devices remain offline. This is disrupting operations in a way which impacts millions of Americans,” Beaumont said in a Sunday blog post. Ongoing Operations last modified its Citrix Netscaler application delivery controller on May 12, according to logs posted by Beaumont.
The widely exploited vulnerability is also linked to recent ransomware attacks against Boeing and Fidelity National Financial. Following multiple compromises, the Cybersecurity and Infrastructure Security Agency in early November urged organizations to apply a patch, and to hunt for and report malicious activity.
NCUA said it informed the Treasury Department, FBI and CISA, and noted member deposits at federally insured credit unions are covered by the National Credit Union Share Insurance Fund up to $250,000.
An increasing number of ransomware attacks hit credit unions this year, including multiple credit unions that were impacted by the spree of attacks against MOVEit file-transfer service environments in late May.
“The NCUA has a framework to evaluate and respond to these types of incidents,” Adamoli said. After the agency required federally insured credit unions to report a cybersecurity incident within 72 days, NCUA received 146 incident reports in the first month, NCUA Chair Todd Harper said in October.