Over 640 Citrix servers backdoored with web shells in ongoing attacks (Updated)

[correlate]

Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting a critical remote code execution (RCE) vulnerability tracked as CVE-2023-3519.
The vulnerability had previously been exploited as a zero-day to breach the network of a U.S. critical infrastructure organization.
Security researchers from the Shadowserver Foundation, a non-profit organization dedicated to enhancing internet security, have now disclosed that attackers had deployed web shells on at least 640 Citrix servers in these attacks.

RCE exploited to hack 6% of all vulnerable servers

Security researchers at cybersecurity company Fox-IT (part of the NCC Group) and the Dutch Institute for Vulnerability Disclosure (DIVD) have discovered a large-scale campaign that planted web shells on Citrix Netscaler servers vulnerable to CVE-2023-3519.

Citrix patched the vulnerability on July 18, but attackers had already been exploiting it in the wild as a zero-day to execute code without authentication.

Citrix ADC Vulnerability IOC Scanner tool available

Today, Mandiant released a scanner that enables organizations to examine their Citrix ADC and Citrix Gateway devices for signs of compromise and post-exploitation activity.

"The tool is designed to do a best effort job at identifying existing compromises," reads Mandiant's post.

"It will not identify a compromise 100% of the time, and it will not tell you if a device is vulnerable to exploitation."

Mandiant's Citrix IOC Scanner must be run directly on a device or on a mounted forensic image, as it scans the local filesystem and configuration files for the presence of various IOCs.

When finished, the scanner will display a summary detailing if it encountered any signs of compromise […]
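The kind of best-effort filesystem sweep the article describes, as an added example that is not Mandiant's tool and does not use Mandiant's IOC list: a small Python scanner that walks a directory tree and flags PHP files with generic web shell traits (an exec primitive fed request input, an obfuscation decoder feeding an exec primitive, a variable function call on request input), optionally noting files modified after a baseline timestamp such as the date the device was patched. The directory layout, file names and heuristics are assumptions for illustration, and the sample tree is constructed in a temp directory rather than taken from a real appliance.

```python
"""Best-effort web shell hunt over a directory tree (added example).

The heuristics below are generic and hypothetical: they are NOT Mandiant's
IOC list and will miss shells that avoid these patterns. Like the real
scanner, this reads the local filesystem, so it is meant to run on the device
or on a mounted forensic image.
"""
import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import List, Optional

# PHP primitives that run code or OS commands.
EXEC_FUNCS = re.compile(
    r"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\(", re.I)
# Attacker-controlled input sources.
REQUEST_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b|php://input", re.I)
# Decoders commonly used to hide the payload.
OBFUSCATION = re.compile(r"\b(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\(", re.I)
# Variable function call such as $f(...), which evades function-name greps.
VARIABLE_CALL = re.compile(r"\$[A-Za-z_]\w*\s*\(")

PHP_SUFFIXES = (".php", ".phtml", ".php5")


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def inspect_file(path: Path, baseline_mtime: Optional[float] = None) -> Optional[Finding]:
    """Return a Finding if the file looks like a web shell, else None."""
    try:
        text = path.read_text(errors="replace")
    except OSError:
        return None
    reasons = []
    has_input = bool(REQUEST_INPUT.search(text))
    has_exec = bool(EXEC_FUNCS.search(text))
    if has_exec and has_input:
        reasons.append("exec primitive fed attacker-controlled request input")
    if has_exec and OBFUSCATION.search(text):
        reasons.append("obfuscated payload fed to an exec primitive")
    if has_input and VARIABLE_CALL.search(text):
        reasons.append("variable function call on request input")
    if not reasons:
        return None
    # Timestamp is supporting context only; mtimes are trivially forged.
    if baseline_mtime is not None and path.stat().st_mtime > baseline_mtime:
        reasons.append("modified after baseline timestamp")
    return Finding(str(path), reasons)


def scan_tree(root: Path, baseline_mtime: Optional[float] = None) -> List[Finding]:
    """Walk root and inspect every PHP-like file."""
    findings = []
    for p in root.rglob("*"):
        if p.is_file() and p.suffix.lower() in PHP_SUFFIXES:
            f = inspect_file(p, baseline_mtime)
            if f:
                findings.append(f)
    return sorted(findings, key=lambda f: f.path)


def build_sample_tree() -> Path:
    """Constructed sample tree (assumed layout, not real NetScaler content):
    two clean pages and two planted shells under a fake GUI directory."""
    root = Path(tempfile.mkdtemp(prefix="nsgui_sample_"))
    gui = root / "ns_gui" / "vpn"
    gui.mkdir(parents=True)
    (gui / "index.php").write_text("<?php echo 'login'; include 'menu.php'; ?>")
    (gui / "menu.php").write_text("<?php $items = ['a', 'b']; foreach ($items as $i) echo $i; ?>")
    (gui / "cache.php").write_text("<?php eval(base64_decode($_POST['x'])); ?>")
    (gui / "tmp.php").write_text("<?php $f = $_GET['f']; $f($_GET['c']); ?>")
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for finding in scan_tree(sample, baseline_mtime=0.0):
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```

Run it with no arguments to scan the constructed tree; for a real sweep, point `scan_tree` at the mounted image's web root and pass the patch date (as a Unix timestamp) as `baseline_mtime`. Treat hits as leads for manual review, not proof of compromise, and treat a clean result the way Mandiant describes its own tool: it does not show the device was never compromised.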