Security News > 2023 > August > Attacks on Citrix NetScaler systems linked to ransomware actor
A threat actor believed to be tied to the FIN8 hacking group exploits the CVE-2023-3519 remote code execution flaw to compromise unpatched Citrix NetScaler systems in domain-wide attacks.
Resemblances to another attack that Sophos analysts observed earlier in the summer have led the analysts to deduce that the two activities are linked, with the threat actor specializing in ransomware attacks.
CVE-2023-3519 is a critical-severity code injection flaw in Citrix NetScaler ADC and NetScaler Gateway, discovered as an actively exploited zero-day in mid-July 2023.
By mid-August, over 31,000 Citrix NetScaler instances remained vulnerable to CVE-2023-3519, more than a month after the security update was made available, giving threat actors plenty of opportunity for attacks.
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign.
Over 15K Citrix servers vulnerable to CVE-2023-3519 RCE attacks.
News URL
Related news
- French govt contractor Atos denies Space Bears ransomware attack claims (source)
- Casio says data of 8,500 people exposed in October ransomware attack (source)
- Preventing the next ransomware attack with help from AI (source)
- Ransomware on ESXi: The mechanization of virtualized attacks (source)
- OneBlood confirms personal data stolen in July ransomware attack (source)
- Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M (source)
- Medusa ransomware group claims attack on UK's Gateshead Council (source)
- Ransomware attack forces Brit high school to shut doors (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-19 | CVE-2023-3519 | Code Injection vulnerability in Citrix products Unauthenticated remote code execution | 9.8 |