Alert - Threat Actors exploiting Citrix CVE-2023-3519 to implant Webshells - CISA cybersecurity advisory

Number: AL23-009
Date: July 21, 2023

Audience

This Alert is intended for IT professionals and managers of notified organizations.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat Cyber threatA threat actor, using the internet, who takes advantage of a known vulnerability in a product for the purposes of exploiting a network and the information the network carries. that may impact cyber information assets, and to provide additional detection DetectionThe monitoring and analyzing of system events in order to identify unauthorized attempts to access system resources. and mitigation advice to recipients. The Canadian Centre for Cyber Security Cyber securityThe protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information. More specifically, cyber security includes the body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from attack, damage or unauthorized access so as to ensure confidentiality, integrity and availability. ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

On July 18, 2023, the Cyber Centre published AV23-416Footnote 1 highlighting multiple vulnerabilities in NetScaler (formally Citrix) Application Delivery Controller (ADC) and NetScaler Gateway GatewayAn intermediate system that is the interface between two computer networks. A gateway can be a server, firewall, router, or other device that enables data to flow through a network. appliances. The advisory raised awareness that vulnerabilities existed and that one had been exploited.

On July 20, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) published a Cybersecurity Advisory (CSA)Footnote 2 in response to cyber threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. affecting NetScaler Application Delivery Controllers (ADC) and NetScaler Gateways.

The Cybersecurity Advisory (CSA) provides awareness of exploitation, technical details of the exploit activity, tactics, techniques, and procedures (TTPs) used by threat actors, detection methods and mitigations. Additional guidance is available in the Cyber Centre’s Top 10 IT security actions to protect Internet connected networks and information (ITSM.00.089)Footnote 3. These publications are based on analysis of cyber threat trends to help minimize intrusions or the impacts of a successful cyber intrusion.

Should activity matching the content of this alert be discovered, recipients are encouraged to report via the My Cyber Portal, or email contact@cyber.gc.ca.

Date modified: