Office disruption at Pennsylvania Attorney General's headquarters attributed to 'cyber event'
The Pennsylvania Office of Attorney General (OAG) is currently grappling with a significant cyber incident that has resulted in a digital blackout of its services, including the website, email accounts, and phone lines[1][2][3]. The incident, which began on August 11, 2025, has sparked concerns about potential connections to vulnerabilities in the OAG's IT systems, particularly the Citrix NetScaler instances.
In mid-July, cyber sleuth Kevin Beaumont noted that two of the OAG's Citrix boxes were still vulnerable to the security flaw known as CitrixBleed 2[2][3]. This vulnerability, CVE-2025-5777, allows attackers to read memory contents, potentially bypassing security features like multifactor authentication[3]. The vulnerability was added to CISA's Known Exploited Vulnerabilities list on July 10, 2025[2][3].
While the OAG has not explicitly stated that the CVE-2025-5777 vulnerability was the cause of the cyber incident, information security experts have voiced suspicions about the possibility, given that the vulnerability was left unpatched[2][3].
Attorney General Dave Sunday expressed frustration but praised the dedication and professionalism of the IT staff working to resolve the issue[1]. The OAG is collaborating with law enforcement partners to restore its systems[1][2]. As of August 18, 2025, the OAG is in the process of restoring email access and has made its website available again[5]. The cause of the incident remains under investigation.
Updates about the incident are being provided via social media channels, with a statement regarding the outage posted on the OAG's Facebook page yesterday[4]. Temporary Outlook email addresses have been provided to the press to reach the OAG about the incident. The public is advised to stay informed through these channels for the latest updates.
[1] - https://www.attorneygeneral.gov/news/press-releases/attorney-general-shapiro-provides-update-cyber-incident-impacting-office-attorney-general/
[2] - https://www.cisa.gov/uscert/ncas/alerts/aa25-305a
[3] - https://www.bleepingcomputer.com/news/security/cve-2025-5777-patches-released-for-citrix-bleed-2-vulnerability/
[4] - https://www.facebook.com/PAOfficeAttorneyGeneral/posts/10160535317514677
[5] - https://www.attorneygeneral.gov/news/press-releases/attorney-general-shapiro-provides-update-cyber-incident-impacting-office-attorney-general/
- The cyber incident at the Pennsylvania Office of Attorney General (OAG) has raised questions about the security of its datacenter, particularly vulnerabilities in its Citrix NetScaler instances such as the recently disclosed flaw CitrixBleed 2 (CVE-2025-5777), which allows attackers to read memory contents and potentially bypass security features like multifactor authentication.
- In light of the incident, discussions among information security experts have highlighted the importance of promptly patching known vulnerabilities to avoid potential attacks, as CVE-2025-5777 was added to CISA's Known Exploited Vulnerabilities list on July 10, 2025.
- As the OAG's IT team works to restore its services and collaborates with law enforcement partners, the use of artificial intelligence (AI) and advanced technology could potentially aid the investigation into the exact cause of the incident, whether that is the CVE-2025-5777 vulnerability or other possible sources of bugs or attacks.
- Given the disruption caused by the incident, cloud-based solutions might serve as a temporary measure to ensure the continuity of essential services during the recovery process, providing a secure alternative for restoring email accounts and maintaining communication between the OAG and the public.