Wednesday, August 13, 2025
Latest:

Threatshub.org sponsored-Post

The Register

Major outage at Pennsylvania Attorney General’s Office blamed on ‘cyber incident’

TH Author

The Pennsylvania’s Office of Attorney General (OAG) is blaming a digital blackout of its services on a “cyber incident.”

The OAG posted a statement to Facebook yesterday, saying that its systems are currently down for the count, and the outage has affected the availability of its website, email accounts, and phone lines.

“This is a frustrating situation, and everyone is doing their very best,” said Dave Sunday, attorney general. 

“I am grateful for the dedication and professionalism of our information technology staff, who are working around the clock to resolve the matter. In collaboration with our law enforcement partners, we will work diligently to restore systems. We will continue to do the work of protecting Pennsylvanians no matter the obstacle.”

As of today, the OAG’s website remains offline and its phone lines are still unreachable. Updates have been provided via social media channels.

In a signal of its email system health, the press has been provided temporary Outlook email addresses to reach the OAG about the incident.

No one has determined the cause of the outage yet, but infosec watchers have voiced suspicions of the OAG’s posture for nearly a month. 

Venerable cyber sleuth Kevin Beaumont drew attention to two of the OAG’s Citrix boxes on July 14, noting they were both still vulnerable to the security flaw colloquially referred to as CitrixBleed 2.

Tracked as CVE-2025-5777 (9.3), the critical vulnerability affects various NetScaler ADC and NetScaler Gateway versions, and was compared to CitrixBleed 1 (CVE-2023-4966, 9.4) – one of the more high-profile mass-exploited bugs of 2023.

According to Shodan scans (1, 2), one of the OAG’s NetScaler boxes was taken offline on July 29, and the second was pulled on August 7.

The Register contacted the OAG for a comment on whether there is a connection here.

Asked about how certain he was of a link, Beaumont said it was possible that finding the vulnerable NetScalers and the OAG’s outage are mutually exclusive events.

“The NetScaler boxes appear to be offline now, and they were getting owned back then. Although, it could just be another incident if there’s overall poor security hygiene,” he said. ®

READ MORE HERE