FBI informed software giant Citrix of a security breach

The American multinational software company Citrix disclosed a security breach, according to the firm an international cyber criminals gang gained access to its internal network.

The American multinational software company Citrix is the last victim of a security breach, according to the company an international cyber criminal gang gained access to its internal network,

Hackers were able to steal business documents, but its products or services were not impacted by the attack.

Citrix discovered the intrusion after being notified by the FBI on March 6, 2019, the company announced to have secured its network and hired a forensic firm to assist with a forensic investigation of the inciden.

“On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that international cyber criminals gained access to the internal Citrix network.” reads a statement published by the company.

“Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI.”

FBI believes attackers used the password spraying technique to access the network and once inside, they worked to obtain more privileges, the company confirmed that an investigation is still ongoing.

“While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security,” continues the statement.

“Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities.”

The security breach doesn’t appear to be linked to the recent wave of attacks against cloud service providers that were attributed to China-linked APT groups (Operation Cloudhopper).

According to a report published by NBC, the software company was hacked by the Iran-linked APT group Iridium that penetrated the company years ago and have remained inside its computer network ever since.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – data breach, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.