Citrix, a major network software company, had its internal network compromised by what appears to be an international hacking campaign.
The company was alerted to the cyberattack by the FBI earlier this month.
“While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security,” Citrix announced on its website.
The details and scope of the damage caused by the attack are still unclear, but the activity has been tracked back to Iridium, a hacking group linked to the Iranian government. Although this is unconfirmed, the hackers are thought to have accessed between 6 and 10 terabytes of customer data, including, according to cybersecurity firm Resecurity, “email correspondence, files in network shares, and other services used for project management and procurement.”
Resecurity previously alerted Citrix that their systems had been targeted by Iridium in late December 2018, according to president Charles Yoo.
“The incident has been identified as a part of a sophisticated cyber-espionage campaign supported by nation-state due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of economy,” said Resecurity in a statement.
Citrix has yet to verify the claims made by Resecurity.
“Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly,” said Citrix CIO Stan Black.