Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign

ID: 94364a22-bad8-56ba-8a4b-e9f74c862359

STIX ID: report--94364a22-bad8-56ba-8a4b-e9f74c862359

Feed Name: Fox-IT blog

Threat Score: 85/100

Date Published: 2023-08-15

Date Updated: 2026-04-27

Fox-IT and the Dutch Institute for Vulnerability Disclosure investigated an automated, large-scale exploitation of Citrix NetScaler (CVE-2023-3519) in which adversaries deployed persistent webshells that allow arbitrary command execution even after patches or reboots. Scans found roughly 2,491 webshells across 1,952 distinct NetScalers (1,828 still backdoored as of Aug 14, 2023) out of ~31,127 vulnerable devices, prompting IOC triage, forensic recommendations, and responsible disclosure to affected parties.