Security News > 2023 > August > Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign
A threat actor has compromised close to 2,000 thousand Citrix NetScaler servers in a massive campaign exploiting the critical-severity remote code execution tracked as CVE-2023-3519.
Security researchers at cybersecurity company Fox-IT and the Dutch Institute of Vulnerability Disclosure have discovered a large-scale campaign that planted webshells on Citrix Netscaler servers vulnerable to CVE-2023-3519.
On July 21, Cybersecurity and Infrastructure Security Agency warned that the vulnerability had been leveraged to breach a critical infrastructure organization in the U.S. Earlier this month, the non-profit organization The Shadowserver Foundation found that hackers had infected more than 640 Citrix NetScaler servers and planted web shells for remote access and persistence.
In a larger context, the 1,952 backdoored servers represent more than 6% of the 31,127 Citrix NetScaler instances vulnerable to CVE-2023-3519 at a global level when the campaign was active.
Another detail the researchers observed is that while Canada, Russia, and the U.S. had thousands of vulnerable NetScaler servers on July 21, they found compromising web shells on almost none of them.
Over 640 Citrix servers backdoored with web shells in ongoing attacks.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-19 | CVE-2023-3519 | Code Injection vulnerability in Citrix products Unauthenticated remote code execution | 9.8 |