Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability

August 29, 2023

Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what’s suspected to be a ransomware attack.

Cybersecurity company Sophos is tracking the activity cluster under the moniker STAC4663.

Attack chains involve the exploitation of CVE-2023-3519, a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could facilitate unauthenticated remote code execution.

In one intrusion detected in mid-August 2023, the security flaw is said to have been used to conduct a domain-wide attack, including injecting payloads into legitimate executables such as the Windows Update Agent (wuauclt.exe) and the Windows Management Instrumentation Provider Service (wmiprvse.exe). An analysis of the payload is underway.

Read More on The Hacker News