The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Thursday warning that the newly disclosed critical security flaw in Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices is being abused to drop web shells on vulnerable systems.
“In June 2023, threat actors exploited this vulnerability as a zero-day to drop a web shell on a critical infrastructure organization’s non-production environment NetScaler ADC appliance,” the agency said.
“The web shell enabled the actors to perform discovery on the victim’s active directory (AD) and collect and exfiltrate AD data. The actors attempted to move laterally to a domain controller but network segmentation controls for the appliance blocked movement.”
