Cyberattack cripples Pennsylvania Attorney General’s office systems

The Pennsylvania Office of the Attorney General is working to recover from a major cyberattack that has knocked out its website, landline phones and email systems, Attorney General Dave Sunday confirmed Monday.

Sunday said on social media that staff members are collaborating with law enforcement to investigate the incident and restore affected services. “The network that hosts the Office of Attorney General’s systems is currently down,” he said, adding that employees are taking steps to determine the cause of the attack and minimize interruptions to ongoing work on behalf of the Commonwealth.

Officials have not identified the perpetrators, but the scale and severity of the outage suggest characteristics of a ransomware attack. No group has claimed responsibility. As of Monday evening, the office’s website remained offline.

The method used to breach the network has not been disclosed. However, cybersecurity researcher Kevin Beaumont reported last month that multiple public-facing Citrix NetScaler devices on the attorney general’s network were susceptible to a critical vulnerability known as CVE-2025-5777, or Citrix Bleed 2. According to Beaumont’s scans, one of the devices went offline July 29 and the other on August 7, shortly before the attack was disclosed.

The vulnerability has been actively exploited since at least early May, according to the Netherlands’ National Cyber Security Centre, which warned that attackers have breached several critical organizations using the flaw. The Dutch Public Prosecution Service, or Openbaar Ministerie, suffered a breach in July that disrupted operations for weeks.

On Monday, the nonprofit Shadowserver Foundation said more than 3,300 Citrix NetScaler appliances worldwide remain vulnerable to CVE-2025-5777. The U.S. Cybersecurity and Infrastructure Security Agency has added the flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply patches immediately to protect against active attacks.