74.6 F
Washington D.C.
Thursday, May 23, 2024

CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519

The webshell enabled the actors to perform discovery on the victim’s active directory (AD) and collect and exfiltrate AD data.

The Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells, to warn organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a zero-day to drop a webshell on a critical infrastructure organization’s NetScaler ADC appliance. The webshell enabled the actors to perform discovery on the victim’s active directory (AD) and collect and exfiltrate AD data. The actors attempted to move laterally to a domain controller but network-segmentation controls for the appliance blocked movement.

This CSA details tactics, techniques, and procedures (TTPs) shared with CISA by the victim.

If activity is detected, CISA strongly urges all critical infrastructure organizations follow the recommendations found within this advisory, such as prioritizing patching known exploited vulnerabilities like Citrix CVE-2023-3519.

To report incidents and anomalous activity, please contact CISA, either through the agency’s Incident Reporting System or the 24/7 Operations Center at [email protected] or (888) 282-0870.

Read more at CISA

author avatar
Homeland Security Today
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.
Homeland Security Today
Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

Latest Articles