Unusual user agent VPN attempts CitrixReceiver/23.11.1.41 Windows/10.0 AuthManager/23.11.0.9 (Release) X1Class CWACapable CWA/23.11.1.41

We’re seeing unusual patterns of login attempts against our customers’ NetScalers, with the only thing in common being the user-agent:

CitrixReceiver/23.11.1.41 Windows/10.0 AuthManager/23.11.0.9 (Release) X1Class CWACapable CWA/23.11.1.41

Some are brute force, circa 15000 attempts against a guessed (but incorrect) username

Some are 3-4 attempts against users who work at the customer organisation

Some are 5 attempts per very random (but not randomly generated) usernames

As for source countries, Russia is by far the biggest culprit, followed by the United States, then by a stack of other countries. IP addresses used are in the hundreds.
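
One way to triage events like these per username, added here as an example and not code from the original post. It assumes gateway authentication events have been exported to a five-column CSV (time, source IP, username, result, user agent); the `OK`/`FAIL` values, the 1000-attempt threshold and every sample record are constructed.

```python
import csv
import io
from collections import defaultdict

# User-agent string quoted in the post.
SUSPECT_UA = ("CitrixReceiver/23.11.1.41 Windows/10.0 AuthManager/23.11.0.9 "
              "(Release) X1Class CWACapable CWA/23.11.1.41")

def parse(csv_text):
    """Read exported auth events; this five-column layout is an assumption."""
    fields = ["time", "src_ip", "username", "result", "user_agent"]
    return list(csv.DictReader(io.StringIO(csv_text), fieldnames=fields))

def summarise(events, known_users, brute_threshold=1000):
    """Group events carrying SUSPECT_UA by username and label the pattern."""
    stats = defaultdict(lambda: {"attempts": 0, "ips": set(), "successes": 0})
    for ev in events:
        if ev["user_agent"].strip() != SUSPECT_UA:
            continue
        s = stats[ev["username"].lower()]
        s["attempts"] += 1
        s["ips"].add(ev["src_ip"])
        if ev["result"] == "OK":
            s["successes"] += 1
    known = {u.lower() for u in known_users}
    report = {}
    for user, s in stats.items():
        if s["attempts"] >= brute_threshold:  # threshold is an assumption
            label = "brute_force"
        elif user in known:
            label = "real_account_targeted"
        else:
            label = "unknown_username_guess"
        report[user] = {"label": label, "attempts": s["attempts"],
                        "distinct_ips": len(s["ips"]), "successes": s["successes"]}
    return report

def constructed_sample():
    """Constructed events (not real data): documentation IPs, made-up names."""
    ua = SUSPECT_UA
    lines = [f"2024-01-01T00:{i // 60:02d}:{i % 60:02d}Z,192.0.2.{i % 200 + 1},admin01,FAIL,{ua}" for i in range(1200)]
    lines += [f"2024-01-01T01:00:0{i}Z,198.51.100.{i + 1},j.smith,FAIL,{ua}" for i in range(4)]
    lines += [f"2024-01-01T02:00:0{i}Z,203.0.113.{i + 1},bluekettle,FAIL,{ua}" for i in range(5)]
    lines.append("2024-01-01T03:00:00Z,203.0.113.50,j.smith,OK,ExampleClient/1.0")
    return parse("\n".join(lines))

if __name__ == "__main__":
    for user, row in summarise(constructed_sample(), {"j.smith"}).items():
        print(user, row)
```

A non-zero `successes` count for any username is the row to look at first, since it means a login carrying this user agent got through.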
