JSC State Technical Service

– upgrade the affected software to any supported version;

– check that your subscription to the Security updates module is up to date;

– add “Possible Citrix ADC and NetScaler Gateway RCE” signatures to the IDPS blocking rule.

– check log files to identify any unusual activity or behavior on servers with NetScaler ADC and NetScaler Gateway, e.g. unauthorized access, changing configuration settings;

– monitor network traffic to and from servers with NetScaler ADC and NetScaler Gateway to identify any unusual or suspicious activity, such as large amounts of data being transferred to unknown IP addresses or domains (DNS);

– scan servers with NetScaler ADC and NetScaler Gateway for malware software, web shells, or scripts that may have been uploaded to the system;

– scan the NetScaler ADC and NetScaler Gateway servers for unusual files or directories that could have been created by an attacker;

– check the system configuration for changes, such as adding new user accounts or changing system settings; if third-party user accounts are detected, disable them immediately.