GRI

CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

News Cybersecurity English Guidance
Date: 6th Sep, 2023 Source: Cybersecurity and Infrastructure Security Agency Country: USA Original Source

Brief

Summary:

CISA has released an updated Cybersecurity Advisory (CSA) regarding the exploitation of Citrix CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability in NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. The updated CSA contains new threat actor tactics, techniques, and procedures (TTPs), as well as indicators of compromise (IOCs), and an additional victim. CISA recommends that critical infrastructure organizations review the advisory and prioritize patching known exploited vulnerabilities, such as Citrix CVE-2023-3519.

The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to a previously published Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. The CSA—originally released to warn network defenders of critical infrastructure organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway—contains victim information gathered in August 2023. Since July 2023, the Joint Cyber Defense Collaborative (JCDC) has facilitated continuous, real-time threat information sharing with and between partners on post-exploitation activity of CVE-2023-3519. JCDC consolidated and shared detection methods, threat actor tactics, techniques, and procedures (TTPs), and indicators of compromise (IOCs) received from industry and international partners. The updated CSA contains new TTPs as well as IOCs received from some of these partners and an additional victim.

CISA strongly urges all critical infrastructure organizations to review the advisory and follow the mitigation recommendations—such as prioritizing patching known exploited vulnerabilities like Citrix CVE-2023-3519.

To report incidents and anomalous activity, please contact CISA, either through the agency’s Incident Reporting System or the 24/7 Operations Center at report@cisa.gov or (888) 282-0870.  

Highlights content goes here...

Here is a long in-depth summary of the provided document using the provided template:

Summary:

The Cybersecurity and Infrastructure Security Agency (CISA) has released an updated Cybersecurity Advisory (CSA) regarding the exploitation of Citrix CVE-2023-3519 by threat actors to implant webshells. The original CSA was published to alert network defenders of critical infrastructure organizations about the vulnerability and to provide information on the threat actor’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs).

The updated CSA includes new TTPs and IOCs received from industry and international partners, as well as an additional victim. The Joint Cyber Defense Collaborative (JCDC), a collaborative effort between CISA and other organizations, has been facilitating real-time threat information sharing since July 2023. JCDC has provided detection methods, TTPs, and IOCs to partners, which have been consolidated and shared with CISA.

CISA urges critical infrastructure organizations to review the updated CSA and follow the recommended mitigation strategies, including prioritizing patching known exploited vulnerabilities like Citrix CVE-2023-3519. The advisory outlines the critical importance of addressing this vulnerability to prevent potential security breaches.

Furthermore, CISA encourages reported incidents and anomalous activity through its Incident Reporting System or the 24/7 Operations Center, which can be reached at report@cisa.gov or (888) 282-0870.

Overall, this updated CSA serves as a critical reminder of the ongoing threat posed by the exploitation of CVE-2023-3519 and the importance of robust cybersecurity measures to prevent and respond to potential security incidents.

Cybersecurity and Infrastructure Security Agency

Quick Insight
RADA.AI
RADA.AI
Hello! I'm RADA.AI - Regulatory Analysis and Decision Assistance. Your Intelligent guide for compliance and decision-making. How can i assist you today?
Suggested
Related Documents
Medical device salesperson reporting procedure guide
Date: 5th Feb, 2025 Source: Ministry of Health and Welfare (MOHW) Country: South Korea
News Healthcare & Pharma Guidance
​The EBA issues an Opinion in response to the European Commission’s proposed amendments to the EBA draft technical standards on conflicts of interests for issuers of asset-referenced tokens
Date: 5th Feb, 2025 Source: European Banking Authority (EBA) Country: European Union
News Financial services Guidance
Low risk waste positions: electrical equipment, including constituent parts and accessories
Date: 5th Feb, 2025 Source: Environment Agency (EA) Country: United Kingdom
News Environment Guidance

Form successfully submitted. One of our GRI rep will contact you shortly

Thanking You!

Click here

Enter your Email

Enter your registered username/email id.

Enter your Email

Enter your email id below to signup.

Enter your Email

Enter your email id below to signup.
Individual Plan
  • Designed for Growing Compliance Teams
$125 / month OR $1250 / year
Features
  • • Coverage for 20 jurisdictions
  • • Monitoring from 500+ regulatory authorities
  • • AI compliance summaries
  • • RaDa.ai : Single-Role
Best for: Researchers, Legal professionals, Academics
Subscribe Now
Enterprise Plan
  • Perfect for Global Enterprises
Contact for Pricing
Features
  • • Custom jurisdictional coverage
  • • Custom monitoring of regulatory authorities
  • • RaDa.ai : Customizable multi-role
  • • Custom reporting and dashboard capabilities
  • • API access for seamless integration
Best for: Law Firms, Corporations, Government Bodies
Contact Sales