The title is not correct. They used credentials to get access to the VPN. How they moved laterally is obviously the interesting part anyway. Change the title; it gives cover to the lumbering behemoth that fault might lie anywhere besides UnitedHealth's corrupt IT.
You are correct. I made a mistake with the title; it should say that access was acquired through a Citrix account without MFA as opposed to a direct Citrix bug. My bad. I will email mods to change it.
This Reuters[0] article is much more specific about saying it was a Citrix vulnerability, but since Citrix has not issued an official statement, it's better to have it changed to the default title.
Hackers Broke into Change Healthcare's Systems 9 Days Before Cyberattack (https://news.ycombinator.com/item?id=40127483) - Apr 2024 (27 comments)
BlackCat ransomware group implodes after apparent payment by Change Healthcare (https://news.ycombinator.com/item?id=39610846) - Mar 2024 (162 comments)
UnitedHealth says Change hackers stole health data on ‘substantial proportion of people in America’ (https://techcrunch.com/2024/04/22/unitedhealth-change-health...)