Pennsylvania attorney general says cyberattack knocked phone, email systems offline

The office of Pennsylvania's attorney general is warning state residents that its email and phone lines are down as a result of a cyberattack.

The office published a statement on Monday afternoon saying it was investigating the cause of the incident and was working to restore services. Its website was still down as of Wednesday morning.

“This is a frustrating situation, and everyone is doing their very best. I am grateful for the dedication and professionalism of our Information Technology staff who are working around the clock to resolve the matter,” Attorney General Dave Sunday said on social media.

“In collaboration with our law enforcement partners, we will work diligently to restore systems. We will continue to do the work of protecting Pennsylvanians no matter the obstacle.”

The statement said prosecutors are still working on cases in spite of the cyberattack. Sunday took over the position in January after winning an election last fall.

The notice comes one month after prominent cybersecurity expert Kevin Beaumont said he came across devices connected to the office as he was searching the internet for exposed instances of Citrix NetScaler that are vulnerable to CVE-2025-5777, known colloquially as Citrix Bleed 2, and several other related bugs. 

Citrix NetScaler devices are used to ensure that websites and applications remain quickly accessible and the devices also facilitate remote work. Employees can remotely access corporate environments or the intranet of an organization via NetScaler Gateway.

The tools have faced widespread attacks since CVE-2025-5777 and bugs tracked as CVE-2025-5349 and CVE-2025-6543 came to light last month. 

In his search for vulnerable devices, Beaumont shared evidence of two internet-exposed Citrix NetScaler devices tied to the Office of the Attorney General of Pennsylvania that were later removed from the internet. 

The office provided an alternative email address for the press but did not respond to questions about whether the attack was conducted through Citrix NetScaler devices. 

Beaumont said the office’s NetScaler devices were taken offline over the last week and a half. 

On Monday, the Dutch National Cyber Security Centre released an urgent warning that hackers are still targeting Citrix NetScaler products and have successfully breached critical infrastructure organizations in the Netherlands through the vulnerabilities.

Two weeks ago, Dutch officials said the country’s Public Prosecution Service — the equivalent of the U.S. Justice Department — was impacted by the campaign of attacks on Citrix NetScaler devices. The attacks also hampered the court system of multiple Caribbean island governments that are still linked to The Netherlands.

The U.S. legal system is under constant pressure from various cyberthreats. Russia is suspected to be behind a breach of the filing system for federal courts, the New York Times reported on Tuesday. 

The office of Virginia’s attorney general responded to an unspecified cyberattack in February. Cleveland’s municipal courts shut down for several days earlier this year because of a cybersecurity incident. Washington’s state courts reported a breach in November 2024.