Carding
Professional
NCC Group warns that even patches may not save you.
Cybersecurity company NCC Group said in a report that nearly 2,000 Citrix NetScaler instances were compromised. Attackers exploited the recently discovered critical vulnerability CVE-2023-3519, presumably to install web shells and gain persistent access to vulnerable servers. Experts note the high risk of such attacks, as flaws in corporate network devices can give attackers access to valuable data and infrastructure.
According to the report, even if the vulnerability was fixed by an update or reboot, attackers can still execute arbitrary commands through the backdoors left behind. Analysts recommend checking systems for malicious scripts and traces of compromise after updating.
An independent study by NCC Group found that about 1,828 NetScaler servers remain compromised despite having been patched.
A total of 2,491 web shells were found on 1,952 devices. Most of the compromised servers are located in Europe, in particular in Germany, France, Switzerland and other countries in the region.
The Shadowserver Foundation has already warned about the CVE-2023-3519 vulnerability in Citrix systems. Experts counted about 7,000 unpatched NetScaler devices on the Internet.
The current campaign is estimated to have affected 6.3% of the more than 30,000 Citrix servers that remained vulnerable as of July 21.
Mandiant has also released a special tool for finding traces of compromise related to CVE-2023-3519. Using such monitoring tools will help organizations detect and prevent future cyber attacks.