Citrix discloses an internal network security breach


Citrix learned about the hack from the FBI. Hackers stole business documents.

American software company Citrix disclosed today a security breach during which hackers accessed the company’s internal network.

Citrix Chief Information Officer Stan Black said in a short statement posted on his blog that Citrix found out about the hack from the FBI earlier this week. “The FBI contacted Citrix on March 6, 2019 to advise that they had reason to believe that international cyber criminals were gaining access to the Citrix internal network,” Black said.

“While not confirmed, the FBI advised that the hackers probably used a technique known as password spraying, which uses weak passwords. After establishing a limited access footprint, they were able to circumvent additional layers of security,” the Citrix exec added.

Black said hackers accessed and downloaded business documents, but at the time of his announcement today, Citrix was unable to identify which specific documents had been stolen. The Citrix exec said there is no evidence to suggest that hackers manipulated official Citrix software or other products.

The hack is still being investigated, and Black promised more updates on the incident as the company learns more. An NBC report, published shortly before the Citrix announcement today and quoting a source at Resecurity, claimed that a group of Iranian state hackers called “Iridium” could be behind this hack.

Resecurity said Iridium breached Citrix’s network during the 2018 Christmas holiday. Resecurity said the hackers used techniques to bypass two-factor authentication and gain access to Citrix’s internal network, from which they accessed about 6 TB of information.

A spokesman for Citrix declined to comment on the NBC report and the Resecurity blog post, which convey substantially different information from the company’s data breach announcement.

In December 2018, Citrix reset passwords for some Citrix ShareFile service users after detecting a credential stuffing attack against its customers.

That attack, however, is unrelated to today’s data breach announcement, as it targeted Citrix’s customer network and customer accounts, not its internal network and employee accounts.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.