Security News > 2023 > August > Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability
Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what's suspected to be a ransomware attack.
Attack chains involve the exploitation of CVE-2023-3519, a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could facilitate unauthenticated remote code execution.
Sophos said the modus operandi aligns "Closely" with that of an attack campaign that NCC Group Fox-IT disclosed earlier this month in which nearly 2,000 Citrix NetScaler systems were breached.
The attacks are also said to be linked to an earlier incident that used the same techniques minus the Citrix vulnerability.
"All this leads us to say it's probable that this is activity from a known threat actor specializing in ransomware attacks," the company said in a series of posts on X. Users of Citrix NetScaler ADC and Gateway appliances are highly recommended to apply the patches to mitigate potential threats.
The development comes as ransomware is on track to scale new highs in 2023, as threat actors are rapidly escalating their attacks by harnessing security flaws in widely used software to breach target environments.
News URL
https://thehackernews.com/2023/08/citrix-netscaler-alert-ransomware.html
Related news
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Hackers exploit critical unpatched flaw in Zyxel CPE devices (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware (source)
- Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-19 | CVE-2023-3519 | Code Injection vulnerability in Citrix products Unauthenticated remote code execution | 9.8 |