adulau/misp-circl-feed
1
0
Fork 0
Code Issues Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/946c05c1-d7b6-4420-b88a-aa2b24addd81.json

743 lines
No EOL
30 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2024-12-16",
"extends_uuid": "",
"info": "Mitigating Brute Force Attacks on NetScaler Devices",
"publish_timestamp": "1734347050",
"published": true,
"threat_level_id": "4",
"timestamp": "1734347035",
"uuid": "946c05c1-d7b6-4420-b88a-aa2b24addd81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:clear",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Conduct active scanning - T1254\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:preventive-measure=\"Packet filtering\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345825",
"to_ids": true,
"type": "ip-dst",
"uuid": "31573b36-b08b-4873-8094-c1936847e7c8",
"value": "45.145.4.0/24"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345825",
"to_ids": true,
"type": "ip-dst",
"uuid": "2241864c-35eb-4ee6-a0f1-4ec67f8ef9c3",
"value": "45.8.227.246"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "284b55b0-d5ee-4609-83e2-40efc44b66f5",
"value": "212.87.223.3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "0715ffef-4d46-4ffc-9276-cb6a66a765fe",
"value": "185.92.182.129"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "08d82001-a8f7-4780-9033-170e86487a76",
"value": "185.92.180.100"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "046d7ecb-dd0c-487b-b8eb-a1af38286b9e",
"value": "185.92.180.185"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "52d0f898-255e-49f8-a177-9c2ec10f9da4",
"value": "185.92.182.172"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "b5f9be19-e964-4332-9af2-89ba94cb3a33",
"value": "185.92.182.0/24"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "bc09c100-0c0e-4852-a5f2-6399aaf41467",
"value": "185.92.180.0/24"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "a472844e-9746-4308-8cc2-87eb74639a4f",
"value": "194.113.37.91"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "b106d484-d480-47cb-99c0-47ac05b98041",
"value": "185.92.182.174"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "391c143c-726a-4aab-879d-9f535914b967",
"value": "185.92.182.86"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "8f64f0c5-600a-4dec-9bc1-b8e785e031a9",
"value": "46.8.227.238"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "441d1664-7ea0-4547-adb0-a8f4e30140cf",
"value": "46.8.227.171"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "e3066d3c-82f9-44c7-8790-d9e62f42edf7",
"value": "194.113.37.0/24"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "e37e3190-5b25-46e2-be76-32e3e60574aa",
"value": "212.87.223.207"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "23c24288-6e63-4009-a3d8-20a245341540",
"value": "194.113.37.116"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c2d9e9c-c7ab-49f2-9461-d733af0a8289",
"value": "212.87.223.170"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "b8cc62c8-286c-4255-9ba8-215550faa28d",
"value": "45.159.209.0/24"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "0d20f396-4099-4afa-95a7-d2c544b1f290",
"value": "194.113.37.214"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "6dc64e4a-0d4e-4dd6-a5c4-eb82c471ce16",
"value": "212.87.223.78"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "85f9f943-c2ee-441e-9f2f-81fd9194aefe",
"value": "194.113.37.193"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "0555d414-3853-4c7a-a04c-600f79d4f462",
"value": "46.8.227.71"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "80807cd4-8f64-4ad5-bc35-628877d387ef",
"value": "188.130.207.178"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "620e4360-1062-4347-8316-1e5edf0cb6c9",
"value": "193.242.145.120"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "b045e3d3-28f0-4999-9a96-8d566374435a",
"value": "194.113.37.180"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "fdeddaf1-ec00-49ad-bcfe-d5d24b0844ad",
"value": "212.87.223.140"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "de11106a-129e-4bcb-a613-32fc55f1e691",
"value": "95.182.96.42"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "c80294a5-c920-4dd6-9007-b1aecdc4cf7c",
"value": "109.120.136.0/24"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "3726e4b4-b568-471a-91ca-4b492dd86183",
"value": "193.124.254.0/24"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734345826",
"to_ids": true,
"type": "ip-dst",
"uuid": "0e395874-524f-41ee-b188-182c9563ca63",
"value": "208.115.218.90"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734346685",
"to_ids": false,
"type": "vulnerability",
"uuid": "4ccbffaf-8b50-4f5a-9027-a33f27134336",
"value": "CVE-2024-8534"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1734346685",
"to_ids": false,
"type": "vulnerability",
"uuid": "823185bb-6f68-41b0-8a2c-1132e7b87d22",
"value": "CVE-2024-8535"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Report object to describe a report along with its metadata.",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "8",
"timestamp": "1734345731",
"uuid": "6fe2cc54-eead-4e28-a5a0-3342f1db2440",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1734345731",
"to_ids": false,
"type": "link",
"uuid": "693f4d2c-369e-402c-bc1f-c644029c9653",
"value": "https://www.cyderes.com/blog/mitigating-brute-force-attacks-on-netscaler-devices"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1734345731",
"to_ids": false,
"type": "text",
"uuid": "dbc1649b-e121-4264-abc4-51341aa994b6",
"value": "In recent weeks, Cyderes has observed a significant uptick in brute force attacks targeting Citrix NetScaler devices, across multiple client environments.\r\n\r\nThese attacks, emanating primarily from a cloud provider based in Hong Kong, exploit misconfigured or outdated systems. They coincide with recent critical vulnerability disclosures affecting Citrix NetScaler, underscoring the urgent need for organizations to act decisively to protect their infrastructure."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1734345731",
"to_ids": false,
"type": "text",
"uuid": "d7a75be6-c663-4724-8cff-408de42b0e64",
"value": "Blog"
}
]
},
{
"comment": "CVE-2024-8534: Enriched via the vulnerability_lookup module",
"deleted": false,
"description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.",
"meta-category": "vulnerability",
"name": "vulnerability",
"template_uuid": "81650945-f186-437b-8945-9f31715d32da",
"template_version": "8",
"timestamp": "1734346769",
"uuid": "5f2ef797-8ce2-418f-955e-50b5d8942eb8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5f2ef797-8ce2-418f-955e-50b5d8942eb8",
"referenced_uuid": "4ccbffaf-8b50-4f5a-9027-a33f27134336",
"relationship_type": "related-to",
"timestamp": "1734346769",
"uuid": "a4c83729-744a-40a3-95a7-f552c651c3cf"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "id",
"timestamp": "1734346769",
"to_ids": false,
"type": "vulnerability",
"uuid": "3ad21619-9122-4c08-ae30-d06419e90dad",
"value": "CVE-2024-8534"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "published",
"timestamp": "1734346769",
"to_ids": false,
"type": "datetime",
"uuid": "a57ab3d5-81e8-413a-8214-a1ffe362f299",
"value": "2024-11-12T18:15:44.673000+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "modified",
"timestamp": "1734346769",
"to_ids": false,
"type": "datetime",
"uuid": "124405ba-3f0a-443b-a5a3-74fd079a5a02",
"value": "2024-11-21T16:19:44.438000+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1734346769",
"to_ids": false,
"type": "text",
"uuid": "ace8b20b-fd06-418e-b49f-d760b781707f",
"value": "PUBLISHED"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "references",
"timestamp": "1734346769",
"to_ids": false,
"type": "link",
"uuid": "e49cbbfd-d7f7-4b15-942a-284ec18f35b7",
"value": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US"
}
]
},
{
"comment": "CVE-2024-8535: Enriched via the vulnerability_lookup module",
"deleted": false,
"description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.",
"meta-category": "vulnerability",
"name": "vulnerability",
"template_uuid": "81650945-f186-437b-8945-9f31715d32da",
"template_version": "8",
"timestamp": "1734346779",
"uuid": "1e0e56bb-b5c6-416a-9650-68fe8d10fa82",
"ObjectReference": [
{
"comment": "",
"object_uuid": "1e0e56bb-b5c6-416a-9650-68fe8d10fa82",
"referenced_uuid": "823185bb-6f68-41b0-8a2c-1132e7b87d22",
"relationship_type": "related-to",
"timestamp": "1734346779",
"uuid": "1012edef-9b7b-44d2-b4b1-3f5201b817df"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "id",
"timestamp": "1734346779",
"to_ids": false,
"type": "vulnerability",
"uuid": "263f2054-b3dc-493c-a380-537d127c18cf",
"value": "CVE-2024-8535"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "published",
"timestamp": "1734346779",
"to_ids": false,
"type": "datetime",
"uuid": "48da54a2-b70a-453e-ba69-56aafdbcd2c9",
"value": "2024-11-12T18:28:51.398000+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "modified",
"timestamp": "1734346779",
"to_ids": false,
"type": "datetime",
"uuid": "bfca613c-423b-4bf2-bd0b-2690a14d5e11",
"value": "2024-11-21T16:18:12.855000+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1734346779",
"to_ids": false,
"type": "text",
"uuid": "3cfe8ed7-a13c-4b55-b1db-0e27248ec542",
"value": "PUBLISHED"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "references",
"timestamp": "1734346779",
"to_ids": false,
"type": "link",
"uuid": "c639ddef-08d6-4469-a4b6-51d57bb49b3b",
"value": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US"
}
]
},
{
"comment": "CVE-2024-8535: Enriched via the vulnerability_lookup module",
"deleted": false,
"description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.",
"meta-category": "vulnerability",
"name": "vulnerability",
"template_uuid": "81650945-f186-437b-8945-9f31715d32da",
"template_version": "8",
"timestamp": "1734346835",
"uuid": "36ebd4a8-4c41-48f4-9ebe-9037e9c01e09",
"ObjectReference": [
{
"comment": "",
"object_uuid": "36ebd4a8-4c41-48f4-9ebe-9037e9c01e09",
"referenced_uuid": "823185bb-6f68-41b0-8a2c-1132e7b87d22",
"relationship_type": "related-to",
"timestamp": "1734346835",
"uuid": "fc6ccb15-8077-4b3a-8b5b-c03b728b3f35"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "id",
"timestamp": "1734346835",
"to_ids": false,
"type": "vulnerability",
"uuid": "f65cdd53-1733-46b1-a5bf-fb5bc987b7f4",
"value": "CVE-2024-8535"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "published",
"timestamp": "1734346835",
"to_ids": false,
"type": "datetime",
"uuid": "c0270c93-1d05-460f-ab5a-b862376b4980",
"value": "2024-11-12T18:28:51.398000+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "modified",
"timestamp": "1734346835",
"to_ids": false,
"type": "datetime",
"uuid": "fb350476-0776-4ce7-a16c-917ac957e277",
"value": "2024-11-21T16:18:12.855000+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1734346835",
"to_ids": false,
"type": "text",
"uuid": "8a92f154-d0d2-4666-97a0-7c4606499902",
"value": "PUBLISHED"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "references",
"timestamp": "1734346835",
"to_ids": false,
"type": "link",
"uuid": "a6e2360f-6282-4286-acfc-9e2dbe9f78c4",
"value": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US"
}
]
}
],
"EventReport": [
{
"name": "Report from - https://www.cyderes.com/blog/mitigating-brute-force-attacks-on-netscaler-devices (1734345747)",
"content": "###### Blog\n\n\n\n\n# Cyderes Advisory\n\n\n\n\nMitigating Brute Force Attacks on NetScaler Devices\n\n\n\n\n\r\n Ethan Fite\r\n \n\n\r\n December 05, 2024\r\n \n\n\n \n\n\n###### Share this:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nArticle contributed by Ethan Fite\n\n\n\n\u00a0\n\n\nIn recent weeks, Cyderes has observed a significant uptick in brute force attacks targeting Citrix NetScaler devices, across multiple client environments.\n\n\nThese attacks, emanating primarily from a cloud provider based in Hong Kong, exploit misconfigured or outdated systems. They coincide with recent critical vulnerability disclosures affecting Citrix NetScaler, underscoring the urgent need for organizations to act decisively to protect their infrastructure.\n\n\n\u00a0\n\n\n##### Overview of the Threat\n\n\nAttackers are leveraging a distributed brute force strategy, often changing IP addresses and Autonomous System Numbers (ASNs) with each attempt, making detection and mitigation challenging.\n\n\nNotably, attacks appear to spike in proximity to new vulnerability disclosures, such as the ones identified in November 2024:\n\n\n\u00a0\n\n\nCVE\\-2024\\-8534: Improper access control leading to authenticated users gaining unintended access.\n\n\nCVE\\-2024\\-8535: Potential for privilege escalation under specific conditions.\n\n\n\u00a0\n\n\nThese vulnerabilities have been detailed by Citrix in their security bulletin, and should serve as a catalyst for immediate action by affected organizations.\n\n\n\u00a0\n\n\n##### IP Blocks Associated with Attacks\n\n\nBelow is a list of IP addresses and ranges implicated in the current wave of brute force attempts:\n\n\n\u00a0\n\n\n45\\.145\\.4\\.0/24\n\n\n45\\.8\\.227\\.246\n\n\n212\\.87\\.223\\.3\n\n\n185\\.92\\.182\\.129\n\n\n185\\.92\\.180\\.100\n\n\n185\\.92\\.180\\.185\n\n\n185\\.92\\.182\\.172\n\n\n185\\.92\\.182\\.0/24\n\n\n185\\.92\\.180\\.0/24\n\n\n194\\.113\\.37\\.91\n\n\n185\\.92\\.182\\.174\n\n\n185\\.92\\.182\\.86\n\n\n46\\.8\\.227\\.238\n\n\n46\\.8\\.227\\.171\n\n\n194\\.113\\.37\\.0/24\n\n\n212\\.87\\.223\\.207\n\n\n194\\.113\\.37\\.116\n\n\n212\\.87\\.223\\.170\n\n\n45\\.159\\.209\\.0/24\n\n\n194\\.113\\.37\\.214\n\n\n212\\.87\\.223\\.78\n\n\n194\\.113\\.37\\.193\n\n\n46\\.8\\.227\\.71\n\n\n188\\.130\\.207\\.178\n\n\n193\\.242\\.145\\.120\n\n\n194\\.113\\.37\\.180\n\n\n212\\.87\\.223\\.140\n\n\n95\\.182\\.96\\.42\n\n\n109\\.120\\.136\\.0/24\n\n\n193\\.124\\.254\\.0/24\n\n\n208\\.115\\.218\\.90\n\n\n\u00a0\n\n\n##### Recommended Actions\n\n\nTo counteract these threats, Cyderes recommends the following proactive measures:\n\n\n\u00a0\n\n\n1\\) Block High\\-Risk IP Ranges\n\n\nMany of these attacks originate from IP blocks associated with the Hong Kong\\-based cloud provider. Blocking these ranges via firewalls or network policies can reduce exposure. A comprehensive list of IP ranges is available at IPInfo.\n\n\n \n2\\) Patch and Upgrade NetScaler Devices\n\n\n* If you are running an End\\-of\\-Life (EoL) version of NetScaler, upgrade immediately to a supported release. Neglected deployments are common, but they remain highly vulnerable.\n* For supported versions, apply the latest security patches, especially those addressing CVE\\-2024\\-8534 and CVE\\-2024\\-8535\\.\n\n\n \n3\\) Validate Configurations\n\n\n* Ensure that the Remote Desktop Protocol (RDP) feature is configured securely. Disable it entirely if not needed.\n* Regularly review access control policies and user authentication mechanisms.\n\n\n \n4\\) Implement Geographic Blocking\n\n\nBlock traffic from high\\-risk or unnecessary geographic locations. If Hong Kong or other high\\-threat regions are not part of your operational footprint, consider blocking traffic entirely. \n\n\u00a0\n\n\n5\\)\u00a0Monitor for Anomalous Activity\n\n\nUse tools to identify spikes in failed login attempts or traffic anomalies. Attackers are using sophisticated tactics, including shifting ASNs and IPs. \n\n\u00a0\n\n\n6\\)\u00a0Engage with Cyderes\n\n\nCyderes can assist in implementing architectural changes, monitoring ongoing attacks, and providing expert advice on hardening your NetScaler deployments.\n\n\n\u00a0\n\n\n##### Conclusion\n\n\nBrute force attacks and vulnerability exploitation campaigns are a persistent threat, particularly against neglected or unpatched systems. These attacks highlight the importance of staying vigilant in monitoring, patching, and securing your infrastructure. By acting promptly, organizations can mitigate risk and maintain operational integrity. \n \nCyderes is committed to helping clients navigate these complex threats. If you need assistance securing your NetScaler devices or defending against other sophisticated cyberattacks, contact us today.\n\n\n\u00a0\n\n\n\n\n---\n\n\n\u00a0\n\n\n##### Ready to put these insights into practice and improve your ongoing security posture?\n\n\n\n\n Schedule a Consultation\n\n\n\u00a0\n\n\nFor more cybersecurity tips, follow Cyderes on\u00a0LinkedIn\u00a0and\u00a0X.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n## Additional Insights\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nCybersecurity Insights\nTop Cybersecurity Trends of 2025\n\n\n\nRead Article\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nCybersecurity Insights\nThe Rising Threat of Scattered Spider\n\n\n\nRead Article\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\ncybersecurity awareness month\nA Look Back at Cybersecurity Awareness Month\n\n\n\nRead Article\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n### Let\u2019s Start with a Conversation\n\nCyderes is a global leader in innovative Cybersecurity operations, excelling in complex, multi\\-technology environments. Contact us today and let us know what challenges you\u2019re facing and take the next step in transforming your security program.\n\n\n\n\n\n\n\n\r\n \r\n \r\n \r\n Get Started",
"id": "831",
"event_id": "270318",
"timestamp": "1734345747",
"uuid": "20534ef9-e159-4c9d-8720-ecd3efbf0091",
"deleted": false
}
]
}
}
Reference in a new issue View git blame Copy permalink