Software maker Citrix has revealed that it’s been the target of a data breach, resulting in international hackers making off with a large amount of data. The company states that it was contacted by the FBI last week and warned that its network was likely compromised by an Iran-linked hacker group, which stole between 6TB and 10TB of business documents.
Citrix is working quickly in response to the incident. “We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI,” the company states. It adds that there’s no sign any of Citrix’s products or services have had their security compromised, but also admits that it’s not clear exactly how many or which documents were accessed.
The disclosure says that it’s believed the attackers used a tactic called “password spraying,” where they exploited weak passwords to gain limited access, and then worked to bypass other security systems.
The cybersecurity firm Resecurity states that, prior to Citrix being notified by the FBI on March 6th, it contacted the company on December 28th about an attack earlier that month from the same group of hackers. Resecurity president Charles Yoo says there was evidence the hackers first breached Citrix’s network about 10 years ago, and have been lying in wait since. The firm believes 6-10TB of data was stolen in the two recent attacks, with a focus on documents related to the FBI, NASA and the aerospace industry, and Saudi Arabia’s state-owned oil company.
While Citrix says it’s working to contain the incident and ensure its products and services remain secure, the real problem is that, as a government contractor, the company has a vast amount of sensitive data, and now it’s anyone’s guess whether, or how much of, that data has been accessed.