A known threat actor specializing in ransomware attacks is believed to be behind a recent campaign that targeted unpatched internet-facing Citrix NetScaler systems to serve as an initial foothold into enterprise networks. “Our data indicates strong similarity between attacks using CVE-2023-3519 and previous attacks using a number of the same TTPs,” Sophos researchers shared.

Citrix systems under attack

In mid-July 2023, a zero-day remote code execution (RCE) vulnerability (CVE-2023-3519) started getting exploited in the wild.

The post Ransomware group exploits Citrix NetScaler systems for initial access appeared first on Help Net Security.