Vulnerable Citrix NetScaler systems targeted by FIN8-linked attacker
A threat actor tracked as STAC4663, suspected of being linked to the FIN8 hacking operation, has carried out domain-wide cyberattacks against Citrix NetScaler systems vulnerable to the critical remote code execution flaw tracked as CVE-2023-3519, BleepingComputer reports.
Beyond payload injection and the deployment of PHP webshells, STAC4663 has also used BlueVPS hosting, domain discovery, atypical PowerShell scripting, plink, and PuTTY Secure Copy in its attacks on Citrix NetScaler ADC instances. According to Sophos X-Ops researchers, these traits tie the intrusions to the earlier NetScaler attacks by the FIN8 hacking group first reported by Fox-IT.
The attacks also used two separate command-and-control IP addresses: the first served for malware staging, while the second was observed responding to the C2 software used in the earlier NetScaler attack campaign.
Sophos researchers have urged immediate patching and have published a list of indicators of compromise to help organizations detect and avert potential attacks.