According to IBM, a credential harvesting campaign is targeting Citrix NetScaler gateways that haven’t been patched against a recent vulnerability. The vulnerability, tracked as CVE-2023-3519 (CVSS score of 9.8), was announced in July but has been exploited since June 2023, with some attacks targeting critical infrastructure companies.
By mid-August, threat actors had exploited this vulnerability as part of an automated effort, backdooring around 2,000 NetScaler instances. According to the Shadowserver Foundation, at least 1,350 NetScaler instances compromised in earlier attacks were detected in scans last week.
In September, IBM discovered a new malicious campaign targeting unpatched NetScaler devices to inject a script into the authentication screen and steal user credentials.