Hackers Stole 6TB of Sensitive Data from Citrix

Citrix is a software company that provides services to the U.S. military, the FBI, many U.S. corporations, and various U.S. government agencies. The company disclosed a massive data breach of its internal network by “international cyber criminals.”

The company was warned by the FBI on Wednesday that foreign hackers had compromised its IT systems and stolen “business documents.” Citrix added that it does not know precisely which documents the hackers obtained or how they got in.

The disclosure says it is believed the attackers used a tactic called “password spraying,” in which they exploited weak passwords to gain limited access and then worked to bypass other security controls.

“While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security,” Citrix said in a blog post.
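The spray pattern described above (many accounts, few guesses each, one source) is what a defender would look for in authentication logs. The following detector is an added example, not code from the page, Citrix, or Resecurity; it parses constructed sshd-style failure lines and flags a source IP that fails against at least five distinct accounts inside a ten-minute window with no more than two attempts per account, while leaving a single hammered account (classic brute force) unflagged.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: first source sprays five accounts, second hammers one.
SAMPLE_LOG = """\
2019-03-04T09:00:01 sshd: Failed password for alice from 203.0.113.7
2019-03-04T09:00:03 sshd: Failed password for bob from 203.0.113.7
2019-03-04T09:00:05 sshd: Failed password for carol from 203.0.113.7
2019-03-04T09:00:07 sshd: Failed password for dave from 203.0.113.7
2019-03-04T09:00:09 sshd: Failed password for erin from 203.0.113.7
2019-03-04T09:00:20 sshd: Failed password for alice from 198.51.100.5
2019-03-04T09:00:25 sshd: Failed password for alice from 198.51.100.5
2019-03-04T09:00:30 sshd: Failed password for alice from 198.51.100.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: Failed password for (?P<user>\S+) from (?P<ip>\S+)$"
)

def parse_failures(text):
    # Return (timestamp, user, source_ip) for every failed-login line.
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["ip"]))
    return events

def detect_spraying(events, window=timedelta(minutes=10),
                    min_users=5, max_per_user=2):
    # Spray signature: many distinct accounts from one source within the
    # window, each tried only a few times. A single account tried many times
    # is brute force, not spraying, and is deliberately not flagged here.
    by_ip = defaultdict(list)
    for ts, user, ip in sorted(events):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1  # slide the window forward
            per_user = defaultdict(int)
            for _, user in attempts[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged[ip] = sorted(per_user)
                break
    return flagged
```

The thresholds are assumptions to tune per environment; the same sliding-window logic applies to VDI, VPN or SSO failure events once they are parsed into the same (timestamp, user, source) tuples.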

Although Citrix did not disclose many details about the breach, researchers at infosec firm Resecurity shed more light on the incident, claiming it had earlier alerted the Feds and Citrix about the “targeted attack and data breach.”

Resecurity said the Iranian-backed IRIDIUM hacker group hit Citrix in December last year and again on Monday (March 4th) and stole at least 6 terabytes of sensitive internal files, including emails, blueprints, and other documents.

“Based on our recent analysis, the threat actors leveraged a combination of tools, techniques and procedures (TTPs) allowing them to conduct targeted network intrusion to access at least 6 terabytes of sensitive data stored in the Citrix enterprise network, including e-mail correspondence, files in network shares and other services used for project management and procurement.”

Resecurity President Charles Yoo told NBC News that IRIDIUM broke into Citrix’s internal network about 10 years ago and has been lurking inside the company’s systems ever since.

While Citrix says it is working to contain the incident and to ensure its products and services remain secure, the real problem is that, as a government contractor, the company holds a vast amount of sensitive data, and it is now anyone’s guess whether, or how much of it, has been accessed.

