The software company was not aware of the attack until the FBI contacted Citrix to inform it that its network had been compromised.
According to the company’s blog, Citrix has already taken steps to contain the impact of the incident. It has commenced a forensic investigation, engaged a leading cybersecurity firm to assist, and is continuing to cooperate with the FBI in the investigation.
Speaking about the hacking incident, Stan Black writes in the blog:
“While our investigation is ongoing, based on what we know to date, it appears that the hackers may have downloaded business documents. The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.”
While the investigation continues, the FBI has told Citrix that there is a high probability that the hackers used a tactic known as password spraying, in which an attacker tries a single commonly used password against many accounts. “Once the hackers gained a foothold with limited access, they worked to circumvent additional layers of security,” Black added.
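For defenders, password spraying leaves a recognizable trace in authentication logs: one source failing against many accounts with only a few attempts each. The following is an added example, not code from Citrix, the FBI or the original article; the log format, the sample lines and the thresholds (30-minute window, 5 accounts, 2 tries per account) are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (illustrative; not data from the Citrix incident).
SAMPLE_LOG = """\
2019-01-07T09:00:01 FAIL user=alice src=203.0.113.7
2019-01-07T09:02:10 FAIL user=bob src=203.0.113.7
2019-01-07T09:03:00 FAIL user=grace src=192.0.2.10
2019-01-07T09:03:20 OK user=grace src=192.0.2.10
2019-01-07T09:04:30 FAIL user=carol src=203.0.113.7
2019-01-07T09:05:00 FAIL user=admin src=198.51.100.9
2019-01-07T09:05:02 FAIL user=admin src=198.51.100.9
2019-01-07T09:05:04 FAIL user=admin src=198.51.100.9
2019-01-07T09:06:45 FAIL user=dave src=203.0.113.7
2019-01-07T09:08:50 FAIL user=erin src=203.0.113.7
2019-01-07T09:11:05 OK user=frank src=203.0.113.7
"""
LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")

def parse(log):
    """Return sorted (timestamp, result, user, src) tuples; skip malformed lines."""
    rows = (LINE_RE.match(line.strip()) for line in log.splitlines())
    return sorted((datetime.fromisoformat(m[1]), m[2], m[3], m[4]) for m in rows if m)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Flag sources failing against many accounts, few tries each, inside one window."""
    fails = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            fails[src].append((ts, user))
    findings = {}
    for src, rows in fails.items():
        start = 0
        for end, (ts, _) in enumerate(rows):
            while ts - rows[start][0] > window:   # slide window forward
                start += 1
            counts = Counter(user for _, user in rows[start:end + 1])
            # Many accounts but few tries each separates spraying from brute force.
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                findings[src] = sorted(counts)
                break
    return findings

def followon_successes(events, findings):
    """Successful logins from a flagged source: accounts to treat as compromised."""
    return sorted({(src, user) for _, result, user, src in events
                   if result == "OK" and src in findings})
```

Grouping by source address misses a spray spread across many addresses; grouping the same failures by time window alone, or by user agent, covers that case.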
The breach disclosure comes just days after Citrix updated its SD-WAN offering to help enterprises to administer user-centric policies and connect branch employees to applications in the cloud with greater security and reliability.
According to a report by NBC, Resecurity claimed that there is a high probability that a group of Iranian state hackers called “Iridium” might be behind this hack. Resecurity said that Iridium breached Citrix’s network during the Christmas 2018 holiday week.