Stairwell identifies unseen attack methods in Citrix CVE-2023-3519 for top financial services institution

MOUNTAIN VIEW, Calif., Aug 11, 2023 — Stairwell, a leading cybersecurity company that is redefining how organizations approach threat detection and response, today announced that the Stairwell threat research team identified and analyzed new attacker activity within a large financial institution customer regarding CVE-2023-3519, affecting Citrix Netscaler ADC devices. As a result of the analysis, the Stairwell team rapidly deployed an optimized version of Stairwell that runs on Citrix appliances, like ADC and Gateway, to provide new visibility and response capabilities on devices that do not typically run traditional security tools.

The attacker activity, not previously outlined in the July 20, 2023, CISA report, included three web shells that were automatically flagged as malicious by the Stairwell platform’s Mal-Eval tool. These web shells, which were not detected by leading EDR solutions, were designed to give an attacker access to direct remote command execution on the Citrix devices, with additional functionality beyond remote command execution being possible.

“While investigation and remediation are still ongoing, we felt it important to increase awareness of this previously unknown attacker activity,” said Chris St. Myers, Threat Research Lead at Stairwell.

To get more details on this new activity, the Stairwell threat research team has published a report that is viewable here.

“We want to meet our customers where they are, on whatever infrastructure they are using within their network,” said Eric Foster, VP of Business Development at Stairwell. “Getting an optimized version of Stairwell out to customers using Citrix appliances impacted by this CVE – or future CVEs – gives their security teams a tool to detect and respond to threats in a way that previously wasn’t available on the market.”

The Stairwell platform is a cybersecurity solution that enables organizations to automate crucial parts of security operations, incident response, and threat hunting processes. By ingesting every executable or executable-like file in an organization’s environment and storing it within a private, cloud-based data lake, the Stairwell platform is able to perform advanced AI- and ML-supported analysis at the binary level – providing continuous and retroactive threat detection and response capabilities to its customers. 

Stairwell’s automation addresses a significant gap in modern security tooling and empowers organizations to stay ahead of evolving threats, detect unknown attacks, and secure their supply chain while increasing team efficiency and reducing overall risk.

About Stairwell

Stairwell helps organizations take back the cybersecurity high ground. The Stairwell automation platform empowers security teams with automated threat detection and response capabilities as a force multiplier across security operations, threat hunting, and incident response to help outsmart any attacker. Acknowledged by Fast Company as one of the most innovative companies of 2023, Stairwell was founded by security industry leaders and engineers from Google and is backed by Section 32, Sequoia Capital, Accel, and Gradient Ventures. For more information, visit or connect with us on Twitter or LinkedIn.

Contact Information:

For press inquiries: [email protected] 

Latest news