Over 640 Citrix servers backdoored with web shells in ongoing attacks (Updated)

correlate
Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting a critical remote code execution (RCE) vulnerability tracked as CVE-2023-3519.
The vulnerability was previously exploited as a zero-day breach of the network of a U.S.A. critical infrastructure organization.
Security researchers from the Shadowserver Foundation, a non-profit organization dedicated to enhancing internet security, have now disclosed that attackers had deployed web shells on at least 640 Citrix servers in these attacks.

Ink

RCE exploited to hack 6% of all vulnerable servers

Security researchers at cybersecurity company Fox-IT (part of the NCC Group) and the Dutch Institute of Vulnerability Disclosure (DIVD) have discovered a large-scale campaign that planted webshells on Citrix Netscaler servers vulnerable to CVE-2023-3519.

Although the vulnerability received a patch on July 18, hackers started exploiting it in the wild as a zero-day to execute code without authentication.

Ink

Citrix ADC Vulnerability IOC Scanner tool available

Today, Mandiant released a scanner that enables organizations to examine their Citrix ADC and Citrix Gateway devices for signs of compromise and post-exploitation activity.

"The tool is designed to do a best effort job at identifying existing compromises," reads Mandiant's post.

"It will not identify a compromise 100% of the time, and it will not tell you if a device is vulnerable to exploitation."

Mandiant's Citrix IOC Scanner must be run directly on a device or a mounted forensic image, as it will scan the local filesystem and configuration files for the presence of various IOCs.

When finished, the scanner will display a summary detailing if it encountered any signs of compromise […]
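The post above describes the general shape of a local IOC scan: walk the filesystem of the device or a mounted image, compare what is found against a set of indicators, and print a summary. The following Python script is an added illustration of that workflow, not Mandiant's tool and not code from this thread. Every indicator in it is constructed for the example (a placeholder hash and a generic request-to-eval pattern), the directory layout is a hypothetical mounted image built in a temp directory, and none of the values are real artifacts from the CVE-2023-3519 campaign.

```python
"""Minimal filesystem IOC sweep in the spirit of the scanner described above.

Added example. All indicators and sample files are constructed placeholders;
they are not Mandiant's indicators and not artifacts from the real campaign.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# Constructed detection fixture: content that a web-shell pattern should flag.
# Written only so the scan below has something to find (not a real sample).
SAMPLE_FLAGGED_CONTENT = b'<?php /* constructed test fixture */ @eval($_POST["c"]); ?>\n'

# Hypothetical indicator set. The hash is derived from the fixture above so the
# hash check is exercised; a real scanner would ship vendor-supplied hashes.
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE_FLAGGED_CONTENT).hexdigest()}

# Generic pattern: a code-execution call fed directly from request parameters.
WEBSHELL_CONTENT_RE = re.compile(
    rb"(?:eval|system|passthru|shell_exec)\s*\(\s*\$_(?:GET|POST|REQUEST)"
)


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root, bad_hashes=KNOWN_BAD_SHA256, content_re=WEBSHELL_CONTENT_RE,
              max_content_bytes=1_000_000):
    """Walk `root` (a live filesystem or a mounted image) and collect findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if sha256_file(path) in bad_hashes:
                    findings.append(Finding(path, "known_bad_hash"))
                # Content matching is bounded so a huge log cannot stall the sweep.
                if os.path.getsize(path) <= max_content_bytes:
                    with open(path, "rb") as f:
                        if content_re.search(f.read()):
                            findings.append(Finding(path, "webshell_pattern"))
            except OSError:
                continue  # unreadable file: skip rather than abort the whole scan
    return sorted(findings, key=lambda fd: (fd.path, fd.reason))


def summarize(findings):
    """Roll findings up into the kind of summary a scanner prints when done."""
    by_reason = {}
    for fd in findings:
        by_reason[fd.reason] = by_reason.get(fd.reason, 0) + 1
    return {
        "files_flagged": len({fd.path for fd in findings}),
        "by_reason": by_reason,
        "compromise_indicated": bool(findings),
    }


def make_sample_image(root):
    """Populate a hypothetical mounted image: one benign config, one flagged file."""
    webroot = os.path.join(root, "var", "www")  # constructed layout
    os.makedirs(webroot, exist_ok=True)
    benign = os.path.join(root, "example.conf")
    with open(benign, "w") as f:
        f.write("# constructed config placeholder\nsetting=value\n")
    flagged = os.path.join(webroot, "backup.php")  # constructed name
    with open(flagged, "wb") as f:
        f.write(SAMPLE_FLAGGED_CONTENT)
    return {"benign": benign, "flagged": flagged}


def demo():
    """Build the sample image in a temp dir, scan it, and return everything."""
    root = tempfile.mkdtemp(prefix="ioc_demo_")
    paths = make_sample_image(root)
    findings = scan_tree(root)
    return paths, findings, summarize(findings)


if __name__ == "__main__":
    _, found, summary = demo()
    for fd in found:
        print(f"{fd.reason:16} {fd.path}")
    print(summary)
```

As the post notes for the real tool, a sweep like this is best effort: it only reports what matches the indicators it was given, so an empty summary is not proof of a clean device, and it says nothing about whether the device is still vulnerable.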
