Ransomware Actor Linked to Attacks Against Citrix NetScaler System


Unpatched Citrix NetScaler systems are being compromised in domain-wide attacks by a threat actor believed to be linked to the FIN8 hacking group, which is exploiting the CVE-2023-3519 remote code execution vulnerability.

Sophos has been tracking this campaign since mid-August and has observed that the threat actor performs payload injection, uses BlueVPS infrastructure for malware distribution, delivers obfuscated PowerShell scripts, and drops PHP webshells on victim machines.

The similarities to another operation spotted earlier this summer by Sophos experts have led the analysts to conclude that the two campaigns are linked and that the threat actor specialises in ransomware attacks.

CVE-2023-3519 is a critical-severity (CVSS score: 9.8) code injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway that was identified in mid-July 2023 as an actively exploited zero-day.

The vendor issued security

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
