Cyber Attackers Exploit Citrix NetScaler Flaw to Steal User Credentials
A recent large-scale hacking campaign is exploiting a critical flaw in Citrix NetScaler Gateways, tracked as CVE-2023-3519, to steal user credentials. This vulnerability, discovered as a zero-day in July, impacts Citrix NetScaler ADC and NetScaler Gateway, and has become a prime target for cybercriminals.
The threat actor behind the campaign has registered several domains for it, and the campaign has affected nearly 600 unique IP addresses of NetScaler devices worldwide. While the majority of victims are located in the United States and Europe, compromised systems span the globe.
This campaign has been ongoing for two months, with an early modification of the login page detected on August 11, 2023. However, IBM X-Force, which uncovered this activity, was unable to attribute it to any known threat group or cluster. In response to this campaign, organizations are urged to apply patches and change default login credentials for their devices.
The disclosure coincides with the discovery of an updated version of the IZ1H9 Mirai-based DDoS campaign, underscoring the importance of promptly addressing vulnerabilities and adopting strong security practices. Organizations should remain vigilant and proactive in safeguarding their systems against cyber threats.