Openbaar Ministerie (OM)

The Openbaar Ministerie (OM), the Public Prosecution Service of the Netherlands, suffered a severe operational disruption due to the exploitation of the Citrix NetScaler vulnerability CVE-2025-6543. The attack, which occurred as a zero-day exploit, led to significant downtime, with the organization only restoring its email servers and online services after an extended period. The attackers wiped traces of the intrusion, indicating a sophisticated and targeted cyber attack aimed at critical infrastructure. The breach caused substantial operational disruptions, affecting the organization's ability to function normally.

Source: https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/

TPRM report: https://www.rankiteo.com/company/openbaar-ministerie

"id": "ope217081225",
"linkid": "openbaar-ministerie",
"type": "Breach",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Public Prosecution Service',
                        'location': 'Netherlands',
                        'name': 'Openbaar Ministerie (OM)',
                        'type': 'Government'}],
 'attack_vector': 'Exploitation of CVE-2025-6543',
 'date_detected': '2025-05-01',
 'date_publicly_disclosed': '2025-06-25',
 'description': "The Netherlands' National Cyber Security Centre (NCSC) warned "
                'that a critical Citrix NetScaler vulnerability tracked as '
                'CVE-2025-6543 was exploited to breach critical organizations '
                'in the country. The flaw is a memory overflow bug allowing '
                'unintended control flow or denial of service. Attackers '
                'exploited it for remote code execution and wiped traces to '
                'conceal intrusions.',
 'impact': {'downtime': 'Severe operational disruption',
            'operational_impact': 'Severe'},
 'initial_access_broker': {'entry_point': 'CVE-2025-6543',
                           'reconnaissance_period': 'Since at least early May '
                                                    '2025'},
 'investigation_status': 'Ongoing',
 'motivation': 'Unknown',
 'post_incident_analysis': {'corrective_actions': 'Upgrade to patched '
                                                  'versions, end all active '
                                                  'sessions',
                            'root_causes': 'Exploitation of CVE-2025-6543'},
 'recommendations': 'Upgrade to patched versions, end all active sessions, '
                    'look for signs of compromise',
 'references': [{'source': 'NCSC Advisory'}, {'source': 'Citrix Advisory'}],
 'response': {'containment_measures': 'Upgrade to patched versions, end all '
                                      'active sessions',
              'incident_response_plan_activated': True,
              'recovery_measures': 'End all active sessions with specific '
                                   'commands',
              'remediation_measures': 'Upgrade to NetScaler ADC and NetScaler '
                                      'Gateway 14.1 version 14.1-47.46 and '
                                      'later, version 13.1-59.19 and later, '
                                      'and ADC 13.1-FIPS and 13.1-NDcPP '
                                      'version 13.1-37.236 and later'},
 'threat_actor': 'Unknown, advanced modus operandi',
 'title': 'Exploitation of Citrix NetScaler CVE-2025-6543 in the Netherlands',
 'type': 'Cyber Attack',
 'vulnerability_exploited': 'CVE-2025-6543'}