Patch-resistant autonomous exploits of Citrix NetScaler hardware hit thousands in Europe


Thousands of devices, including some that were later patched, were backdoored in an extensive and active attack campaign that took advantage of a serious Citrix NetScaler vulnerability, according to researchers. Attackers automated the deployment of web shells on affected devices by exploiting the remote code execution vulnerability, identified as CVE-2023-3519. The web shells were found to persist across reboots and patches.

At the time of their discovery, about 69% of the backdoored NetScalers were no longer vulnerable to CVE-2023-3519, leading researchers to caution administrators who have already applied the Citrix patch not to be fooled into thinking they are safe. NCC Group and Fox-IT, a division of NCC Group, in conjunction with the Dutch Institute of Vulnerability Disclosure (DIVD), made the public aware of the campaign.
