The Pennsylvania Office of the Attorney General has been hit by a cyberattack that has disabled its phone and email systems, officials confirmed Monday. The incident, which is under active investigation, has also taken the office’s website offline, with disruptions continuing into Wednesday morning.
Attorney General Dave Sunday said in a statement that IT staff were “working around the clock” to restore services. Dave posted on social media that this is a frustrating situation, and everyone is doing their very best and that they will continue to do the work of protecting Pennsylvanians no matter the obstacle. Prosecutors remain engaged in ongoing cases despite the outage.
Data Protection and DPDP Act Readiness: Hundreds of Senior Leaders Sign Up for CDPO Program
Possible Link to Citrix NetScaler Vulnerabilities
The attack comes just one month after cybersecurity researcher Kevin Beaumont reported finding devices connected to the Pennsylvania Attorney General’s Office that were vulnerable to a set of Citrix NetScaler flaws, including CVE-2025-5777, widely known as Citrix Bleed 2, as well as CVE-2025-5349 and CVE-2025-6543.
Citrix NetScaler devices, used to keep websites and applications accessible and to facilitate secure remote access for employees, have been targeted in a wave of global cyberattacks since the vulnerabilities were disclosed last month. Beaumont said two internet-exposed NetScaler devices linked to the Attorney General’s Office were subsequently removed from public access.
While the office has not confirmed whether the breach exploited Citrix vulnerabilities, Beaumont noted that the devices were taken offline in the past week and a half.
Global Cyber Threat Landscape Expands
The Dutch National Cyber Security Centre issued an urgent advisory on Monday, warning that Citrix NetScaler products remain under active attack. Officials in the Netherlands said hackers have breached critical infrastructure and government institutions, including the Public Prosecution Service and several Caribbean island governments tied to the Netherlands.
In the United States, similar incidents have targeted judicial systems and legal offices. Virginia’s attorney general’s office suffered a cyberattack in February, Cleveland’s municipal courts were shut down for days earlier this year due to a security incident, and Washington state courts reported a breach in late 2024.