American software company Citrix disclosed today a security breach during which hackers accessed the company’s internal network.
In a short statement posted on its blog, Citrix Chief Security Information Officer Stan Black said Citrix found out about the hack from the FBI earlier this week.
“On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that international cyber criminals gained access to the internal Citrix network,” Black said.
“While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security,” the Citrix exec added.
Black said hackers accessed and downloaded business documents, but Citrix wasn’t able to identify what specific documents had been stolen at the time of his announcement today.
The Citrix exec said that there is no evidence to suggest that hackers tampered with official Citrix software or other products.
The hack is still under investigation, and Black promised more updates on the incident as the company learns more.
At first sight, the security breach doesn’t appear to be related to a recent string of hacks of cloud service providers. The US blamed these hacks, known as Operation Cloudhopper, on Chinese government hackers. US authorities charged two hackers last December. Known cloud service providers breached in Operation Cloudhopper include IBM, HPE, and Visma.
An NBC report published today shortly before the Citrix announcement claimed that a group of Iranian state hackers called “Iridium” might be behind this hack, which apparently took place more than two years ago. Citrix didn’t return a request for comment from ZDNet regarding this report’s validity.
In December 2018, Citrix reset passwords for some users of the Citrix ShareFile service after it detected a credential stuffing attack against its customers. However, that attack is unrelated to today’s data breach announcement, as it targeted Citrix’s customer network and customer accounts, not its internal network.
Article updated with information about the NBC report and the December 2018
Source Article from https://www.zdnet.com/article/citrix-discloses-security-breach-of-internal-network/#ftag=RSSbaffb68