The Amazon Threat Intelligence team has identified a sophisticated cyberattack exploiting multiple zero-day vulnerabilities in Cisco ISE and Citrix systems, showing an increased focus on critical identity and access infrastructure. The attackers used custom malware and targeted unpatched systems across the internet, highlighting the severity of the threat. #CiscoISE #CitrixSystems
Key points
- The campaign exploited zero-day vulnerabilities in Cisco ISE and Citrix systems before patches were available.
- Amazon's honeypot detected early signs of attacks hitting Citrix infrastructure, revealing that the attackers had prior knowledge of the Citrix Bleed 2 flaw.
- Skilled threat actors used custom, in-memory web shells with sophisticated evasion techniques for malicious access.
- The attack involved simultaneous weaponization of multiple zero-days, indicating highly resourceful adversaries.
- Mass scanning was conducted across the internet to identify vulnerable Cisco and Citrix systems for exploitation.