LockBit ransomware group assemble strike team to breach banks, law firms and governments.

LockBit has organized strike teams exploiting the Citrix NetScaler 'CitrixBleed' vulnerability to bypass MFA and gain internal remote-desktop-style access; they deploy remote access tools (notably Atera) to persist after patching, escalate privileges, disable EDR, steal data and deploy ransomware against large enterprises (including law firms and banks). Thousands of unpatched appliances remain exposed, multiple high-profile victims are being extorted (with at least one reported ransom payment), and the report stresses urgent enterprise patching, vendor accountability and law-enforcement action.