American software company Citrix has revealed a security breach in which the attackers were able to access the company’s internal network.
The company has published a blog post stating that it learned of the breach from the FBI earlier this week. Stan Black, Chief Security Information Officer of Citrix, said that on March 6th the FBI contacted Citrix to advise that it had reason to believe international cyber criminals had gained access to the internal Citrix network.
The FBI advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they had gained at least limited access, they worked to bypass additional layers of security as well.
Black stated that the hackers accessed and downloaded business documents, but the company has not been able to identify which specific documents were stolen. There is no evidence to suggest that the hackers tampered with official Citrix software or other products.
The incident is still under investigation, and updates will be provided as they become available.
Just before the Citrix announcement, NBC published a report citing a source with Resecurity, according to which a group of Iranian state hackers called “Iridium” might be behind the hack. Resecurity said that Iridium breached Citrix’s network during the Christmas 2018 holiday.
The attackers used techniques to bypass two-factor authentication and gained access to Citrix’s internal network, from which they accessed around 6TB of information.
In December 2018, Citrix detected credential stuffing against its customers, after which it reset the passwords for some users of the Citrix ShareFile service. However, that attack is not related to the current data breach, because it targeted Citrix’s customer network and customer accounts, not its internal network and employee accounts.