PSA: bruteforce of Citrix Netscaler
https://borncity.com/win/2024/12/07/massive-wave-of-attacks-on-citrix-netscaler-gateways-since-5-and-6-dec-2024/
Edited 174d ago
Citrix advisory on Netscaler bruteforce: https://www.bleepingcomputer.com/news/security/citrix-shares-mitigations-for-ongoing-netscaler-password-spray-attacks/
Additional info on Netscaler bruteforce if it helps anybody:
- It started in late November and is targeting orgs worldwide
- Usernames are scraped from LinkedIn profiles, same technique as the Cisco AnyConnect bruteforce activity all year
- A cybersecurity vendor has linked it to two CVEs from November, which a number of media outlets have run as fact. It’s false - those CVEs are not used at all.
- User agent is a Python one
- In terms of actionable defence, enable MFA. If you haven’t:
Edited 170d ago
@GossiTheDog that AnyConnect spraying was so tedious.
@GossiTheDog @gsuberland same with Fortinet…