Pennsylvania AG’s email and website hit by cyberattack
▼ Summary
– The Pennsylvania Attorney General’s office suffered a cyberattack, taking down its systems, including landlines, emails, and its website.
– Attorney General Dave Sunday stated staff are working to restore services and investigate the incident with law enforcement assistance.
– The attack’s impact suggests ransomware, though no group has claimed responsibility, and the cause remains unconfirmed.
– Cybersecurity experts found vulnerable Citrix NetScaler appliances on the AG’s network, possibly linked to the CVE-2025-5777 flaw.
– Over 3,300 Citrix devices remain vulnerable globally, with attacks exploiting the flaw reported in the Netherlands and flagged by CISA.
Pennsylvania’s Attorney General office has suffered a major cyberattack, disrupting critical services including email, phone lines, and its official website. The breach has forced staff to operate with limited resources while investigators work to identify the source and restore functionality.
Attorney General Dave Sunday confirmed the incident on social media, stating that the office’s network remains offline, affecting communications and digital operations. “We are actively investigating the cause of this cyber incident and prioritizing service restoration,” Sunday said. Despite the disruption, employees continue their duties using alternative methods to minimize delays in legal and administrative work.
While no group has claimed responsibility, the attack’s characteristics suggest a ransomware operation, though officials have not confirmed this. Cybersecurity experts note that the Pennsylvania AG’s office had previously exposed vulnerabilities in its network infrastructure.
Earlier this year, researcher Kevin Beaumont discovered that two Citrix NetScaler devices used by the office were susceptible to CVE-2025-5777, a critical flaw also known as Citrix Bleed 2. One device went offline in late July, followed by the second in early August, raising concerns about potential exploitation.
The threat extends beyond Pennsylvania. Over 3,300 Citrix NetScaler systems worldwide remain unpatched against this vulnerability, according to the Shadowserver Foundation. The Netherlands’ National Cyber Security Centre also reported that attackers have leveraged the flaw since May, targeting high-profile organizations, including the country’s Public Prosecution Service.
In response, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urgently mandated federal agencies to patch affected systems within 24 hours, adding CVE-2025-5777 to its Known Exploited Vulnerabilities catalog.
As recovery efforts continue, the Pennsylvania AG’s website remains inaccessible, underscoring the persistent risks posed by unpatched software and sophisticated cyber threats.
(Source: Bleeping Computer)
