In domain-wide attacks, a threat actor believed to be affiliated with the FIN8 hacking group is compromising unpatched Citrix NetScaler systems by exploiting the CVE-2023-3519 remote code execution vulnerability.
Sophos has been tracking this campaign since mid-August and has observed the threat actor performing payload injections, using BlueVPS infrastructure for malware distribution, deploying obfuscated PowerShell scripts, and dropping PHP webshells on victims' machines.
Sophos analysts concluded that the two campaigns are connected because of similarities to another attack they observed earlier in the summer, in which the threat actor specialized in ransomware attacks.