Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region.
Researchers from Mandiant report that four ongoing campaigns target vulnerable Citrix NetScaler ADC and Gateway appliances, with attacks underway since late August 2023.
The security company has seen post-exploitation activity related to credential theft and lateral movement, warning that exploitation leaves behind limited forensic evidence, making these attacks particularly stealthy. Read More..