Cyberattack Disrupts Pennsylvania Attorney General’s Office
The Office of the Pennsylvania Attorney General has fallen victim to a significant cyberattack, taking down its official website, landline phone systems, and email services. Attorney General Dave Sunday confirmed the breach on Monday, noting that staff are working closely with law enforcement to restore affected services and identify the source of the incident.
Impact of the Breach
According to Sunday, “the network that hosts the Office of Attorney General’s systems is currently down,” resulting in an outage across all major communication channels. While the office continues to function in a limited capacity, the disruption has severely hampered its ability to serve the public efficiently. Staff are now coordinating with supervisors to minimize delays while investigations continue.
Signs of a Ransomware Attack
Although officials have not formally attributed the attack to a specific threat actor, the scale and crippling nature of the disruption strongly suggest a ransomware incident. So far, no ransomware group has publicly claimed responsibility, leaving investigators to consider multiple possible scenarios.
Potential Exploit of Citrix Vulnerability
Cybersecurity experts warn that the attack may be linked to a critical Citrix NetScaler vulnerability (CVE-2025-5777, also called Citrix Bleed 2), which has been actively exploited worldwide. Security researcher Kevin Beaumont previously flagged Pennsylvania’s public-facing Citrix devices as vulnerable, raising concerns that attackers could have used this flaw as the entry point.
Recent Shodan scans revealed that one of the Pennsylvania AG’s NetScaler appliances went offline on July 29, while another was shut down on August 7, just before the cyberattack was disclosed. This timeline suggests a possible correlation between the vulnerability and the breach.
Wider Global Cybersecurity Concerns
The vulnerability has been exploited since at least early May, targeting government and critical infrastructure globally. The Netherlands’ National Cyber Security Centre (NCSC) recently warned that several high-profile organizations, including the Dutch Public Prosecution Service (Openbaar Ministerie), were compromised due to the same flaw. Meanwhile, the Cybersecurity and Infrastructure Security Agency (CISA) has placed CVE-2025-5777 on its Known Exploited Vulnerabilities Catalog, ordering U.S. federal agencies to patch affected systems immediately.
Conclusion: A Wake-Up Call for State Cybersecurity
The Pennsylvania Attorney General’s Office cyberattack highlights the growing risks posed by unpatched vulnerabilities in public institutions. With ransomware groups and state-backed hackers constantly scanning for weaknesses, timely patching, strong cybersecurity defenses, and proactive monitoring are no longer optional—they are essential. Until systems are restored, the incident serves as a stark reminder of how fragile public services can become in the face of advanced cyber threats.





