Jump to content
Sign in to follow this  
chain

Friendly\' hackers are seemingly fixing the Citrix server hole – and leaving a nasty present behind

Recommended Posts

Hackers exploiting the high-profile Citrix CVE-2019-19781 flaw to compromise VPN gateways are now patching the servers to keep others out.

Researchers at FireEye report finding a hacking group (dubbed NOTROBIN) that has been bundling mitigation code for NetScaler servers with its exploits. In effect, the hackers exploit the flaw to get access to the server, kill any existing malware, set up their own backdoor, then block off the vulnerable code from future exploit attempts by mitigation.

Obviously, this is less of a noble gesture and more of a way to keep others out of the pwned boxes.

"Upon gaining access to a vulnerable NetScaler device, this actor cleans up known malware and deploys NOTROBIN to block subsequent exploitation attempts," the FireEye team explained.

"But all is not as it seems, as NOTROBIN maintains backdoor access for those who know a secret passphrase. FireEye believes that this actor may be quietly collecting access to NetScaler devices for a subsequent campaign."

 

Read more Here: https://www.theregister.co.uk/2020/01/17/hackers_patch_citrix_vulnerability/

Share this post


Link to post
Share on other sites
 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

Copywrite © 2020 ChainScriptz

×
  • Create New...