Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by exploiting a critical security vulnerability (CVE-2023-3519). NCC Group reported that the vulnerability was exploited in an automated fashion, allowing adversaries to gain persistent access and execute arbitrary commands, even on patched and rebooted servers. The vulnerability was patched by Citrix last month, but a follow-up analysis by NCC Group revealed that 1,828 NetScaler servers remain backdoored, with 1,248 already patched. The compromised instances are primarily located in European countries. Surprisingly, no web shells were found on vulnerable servers in Canada, Russia, and the U.S. The mass exploitation campaign is estimated to have compromised 6.3% of the vulnerable NetScaler instances. Mandiant has also released an open-source tool to help organizations scan their Citrix appliances for evidence of post-exploitation activity related to the vulnerability.