Security News > 2023 > August > Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign

Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign
2023-08-15 19:41

A threat actor has compromised close to 2,000 thousand Citrix NetScaler servers in a massive campaign exploiting the critical-severity remote code execution tracked as CVE-2023-3519.

Security researchers at cybersecurity company Fox-IT and the Dutch Institute of Vulnerability Disclosure have discovered a large-scale campaign that planted webshells on Citrix Netscaler servers vulnerable to CVE-2023-3519.

On July 21, Cybersecurity and Infrastructure Security Agency warned that the vulnerability had been leveraged to breach a critical infrastructure organization in the U.S. Earlier this month, the non-profit organization The Shadowserver Foundation found that hackers had infected more than 640 Citrix NetScaler servers and planted web shells for remote access and persistence.

In a larger context, the 1,952 backdoored servers represent more than 6% of the 31,127 Citrix NetScaler instances vulnerable to CVE-2023-3519 at a global level when the campaign was active.

Another detail the researchers observed is that while Canada, Russia, and the U.S. had thousands of vulnerable NetScaler servers on July 21, they found compromising web shells on almost none of them.

Over 640 Citrix servers backdoored with web shells in ongoing attacks.


News URL

https://www.bleepingcomputer.com/news/security/almost-2-000-citrix-netscaler-servers-backdoored-in-hacking-campaign/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-07-19 CVE-2023-3519 Code Injection vulnerability in Citrix products
Unauthenticated remote code execution
network
low complexity
citrix CWE-94
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 118 20 177 80 65 342