FBI informed software giant Citrix of a security breach

The American multinational software company Citrix disclosed a security breach, according to the firm an international cyber criminals gang gained access to its internal network.

The American multinational software company Citrix is the last victim of a security breach, according to the company an international cyber criminal gang gained access to its internal network,

Hackers were able to steal business documents, but its products or services were not impacted by the attack.

Citrix discovered the intrusion after being notified by the FBI on March 6, 2019, the company announced to have secured its network and hired a forensic firm to assist with a forensic investigation of the inciden.

“On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that international cyber criminals gained access to the internal Citrix network.” reads a statement published by the company.

“Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI.”

FBI believes attackers used the password spraying technique to access the network and once inside, they worked to obtain more privileges, the company confirmed that an investigation is still ongoing.

“While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security,” continues the statement.

“Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities.”

The security breach doesn’t appear to be linked to the recent wave of attacks against cloud service providers that were attributed to China-linked APT groups (Operation Cloudhopper).

According to a report published by NBC, the software company was hacked by the Iran-linked APT group Iridium that penetrated the company years ago and have remained inside its computer network ever since.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – data breach, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]