{
	"id": "76c87fca-f1c5-4d7e-a702-bd4c32f25872",
	"created_at": "2026-04-06T00:17:33.810807Z",
	"updated_at": "2026-04-10T03:21:54.578059Z",
	"deleted_at": null,
	"sha1_hash": "aef8d069f094aacc0dc50f69debec021d692749e",
	"title": "Business services giant Conduent hit by Maze Ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1257210,
	"plain_text": "Business services giant Conduent hit by Maze Ransomware\r\nBy Lawrence Abrams\r\nPublished: 2020-06-04 · Archived: 2026-04-05 16:22:41 UTC\r\nThe Maze Ransomware operators are claiming to have successfully attacked business services giant Conduent, where they\r\nstole unencrypted files and encrypted devices on their network.\r\nConduent is a New Jersey, USA based business services firm with 67,000 employees and a 2019 business revenue of $4.47\r\nbillion.\r\nToday, Maze Ransomware posted a new entry to their data leak site that states that they breached the network for\r\nConduent in May 2020.\r\nhttps://www.bleepingcomputer.com/news/security/business-services-giant-conduent-hit-by-maze-ransomware/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/business-services-giant-conduent-hit-by-maze-ransomware/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nConduent entry on Maze leak site\r\nWhen conducting an attack, the Maze Ransomware operators steal unencrypted files before deploying the ransomware. This\r\nstolen data and the threat of publicly releasing it is then used as leverage to 'persuade' the victim to pay a ransom.\r\nAs 'proof' that the threat actors breached Conduent, 1GB worth of files were posted that allegedly was stolen during the\r\nransomware attack. \r\nAlleged proof of the attack\r\nThe posted files are called 'BusinessIntelligence.zip' and 'Compliance1.zip' and include various financial spreadsheets,\r\ncustomer audits, invoices, commission statements, and other miscellaneous documents.\r\nhttps://www.bleepingcomputer.com/news/security/business-services-giant-conduent-hit-by-maze-ransomware/\r\nPage 3 of 5\n\nDue to the varied types of data already posted by the Maze gang, Conduent must disclose it as a data breach to their clients\r\nand employees.\r\nIn a statement to BleepingComputer, Conduent confirmed that they suffered a ransomware attack on May 29th, 2020 that\r\nimpacted services for approximately 10 hours.\r\n\"Conduent's European operations experienced a service interruption on Friday, May 29, 2020. Our system identified\r\nransomware, which was then addressed by our cybersecurity protocols. This interruption began at 12.45 AM CET on May\r\n29th with systems mostly back in production again by 10.00 AM CET that morning, and all systems have since then been\r\nrestored. This resulted in a partial interruption to the services that we provide to some clients. As our investigation continues,\r\nwe have on-going internal and external security forensics and anti-virus teams reviewing and monitoring our European\r\ninfrastructure.\"\r\nPossible breach through Citrix Netscaler vulnerability\r\nThreat intelligence company Bad Packets stated that for at least eight weeks, between December 17, 2019, and at least\r\nFebruary 14, 2020, Conduent had a Citrix server exposed that was vulnerable to the CVE-2019-19781 vulnerability.\r\nThis vulnerability was patched in January 2020 and allowed attackers to perform remote code execution on vulnerable\r\ndevices.\r\nUsing these devices as a staging area, attackers would then spread laterally throughout the internal network as they\r\ncompromise further devices.\r\nThe CVE-2019-19781 vulnerability is known to be used by threat actors in the past to breach networks and deploy\r\nransomware.\r\nIn a report highlighting human-operated ransomware, the Microsoft Threat Protection Intelligence Team states that\r\nDoppelPaymer and RobbinHood have been seen utilizing the vulnerability to breach corporate networks.\r\nIn April 2020, when we broke the news that Maze breached IT services company Cognizant, Bad Packets also found\r\nvulnerable Citrix NetScaler gateways on their network.\r\nhttps://www.bleepingcomputer.com/news/security/business-services-giant-conduent-hit-by-maze-ransomware/\r\nPage 4 of 5\n\nHmm... was it those vulnerable Citrix (NetScaler) gateways?\r\n— Bad Packets Report (@bad_packets) April 18, 2020\r\nWhile it is not confirmed if this vulnerability was used as part of this attack, the Maze Ransomware operators have been\r\nknown to use vulnerabilities to gain access to networks in the past.\r\nUpdated 6/4/20 1:52 PM EST: Added more information about Citrix Netscaler devices being used by Conduent in the past.\r\nUpdated 6/4/20 4:10 PM EST: Added statement from Conduent.\r\nH/T UnderTheBreach\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/business-services-giant-conduent-hit-by-maze-ransomware/\r\nhttps://www.bleepingcomputer.com/news/security/business-services-giant-conduent-hit-by-maze-ransomware/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/business-services-giant-conduent-hit-by-maze-ransomware/"
	],
	"report_names": [
		"business-services-giant-conduent-hit-by-maze-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434653,
	"ts_updated_at": 1775791314,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/aef8d069f094aacc0dc50f69debec021d692749e.pdf",
		"text": "https://archive.orkl.eu/aef8d069f094aacc0dc50f69debec021d692749e.txt",
		"img": "https://archive.orkl.eu/aef8d069f094aacc0dc50f69debec021d692749e.jpg"
	}
}