[CDP-development] CISA Advisory on Threat Actors Exploiting Citrix CVE-2023-3519
Masse, Theresa
theresa.masse at cisa.dhs.gov
Thu Jul 20 15:57:09 PDT 2023
FYSA
Today, the Cybersecurity and Infrastructure Security Agency (CISA) published a Cybersecurity Advisory (CSA)<https://www.cisa.gov/sites/default/files/2023-07/aa23-201a_csa_threat_actors_exploiting_citrix-cve-2023-3519_to_implant_webshells.pdf> that warns all organizations about exploitation of a vulnerability (common exposures and vulnerabilities (CVE)) affecting the NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway.
In June 2023, threat actors exploited CVE-2023-3519, an unauthenticated remote code execution vulnerability, as a zero-day to drop a webshell on a critical infrastructure organization’s NetScaler ADC appliance. The webshell enabled the actors to perform discovery on the victim’s Active Directory (AD) and collect and exfiltrate AD data. The actors attempted to move laterally to a domain controller, but network-segmentation controls for the appliance blocked movement.
This advisory provides tactics, techniques, and procedures (TTPs) and victim-created detection guidance to help network defenders check for signs of compromise. If no compromise is detected, organizations should immediately apply patches provided by Citrix.
All organizations are strongly urged to review the advisory, check to determine if this activity is on their networks, conduct incident response if compromise is detected, and implement recommended mitigations.
Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov