Story image

Was Citrix unaware of its own data breach until the FBI got involved?

14 Mar 2019

Technology giant Citrix found out about a breach in its internal network due to a tipoff from the FBI, the company says.

According to a blog post from Citrix’s CSIO Stan Black, the FBI contacted Citrix on March 6 and advised that international cybercriminals had allegedly gained access to Citrix’s internal network.

The FBI believes that the criminals most likely used a technique called ‘password spraying’, which is a kind of brute force attack that takes advantage of weak passwords. Once the criminals got in, they began moving further into the network.

“While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents,” says Black.

“The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.”

Once Citrix was alerted to the breach, it then contained the incident and took ‘actions to secure’ its internal network.

Forensic investigations and consultants from a cybersecurity firm were called in to help. Citrix says it continues to cooperate with the FBI.

According to cybersecurity firm Resecurity, the attack is linked to Iranian group IRIDIUM, which also conducted a number of attacks on other companies including government agencies, tech companies, and oil and gas companies.

The company posted a blog in which it outlines how the attacks likely occurred around October 15, 2018. Resecurity acquired the Global Access List related to the breach and found 31,378 records. 

“The threat actors leveraged it for further reconnaissance and accounts compromise,” the blog states.

In December 2018, Resecurity claims that it contacted Citrix to warn the company about a targeted attack and breach.

“Based our recent analysis, the threat actors leveraged a combination of tools, techniques and procedures (TTPs) allowing them to conduct a targeted network intrusion to access at least 6 terabytes of sensitive data stored in the Citrix enterprise network, including e-mail correspondence, files in network shares and other services used for project management and procurement.”

Citrix says it will have a better picture of the breach once it has what it believes is ‘credible and actionable information’.

“Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly… details matter,” says Black.

“Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities.”

SingleRAN Pro: Combining simplicity and openness for a 5G future
Huawei's SingleRAN Pro solution supposedly offers an open, simplified networking concept to help operators roll out commercial 5G networks.
Gartner recognizes Huawei's data center networking expertise
The Gartner Peer Insights Customers’ Choice analyzes more than 200,000 reviews across more than 300 markets posted to Gartner Peer Insights. 
How Huawei aims to enhance IP networks
'We believe that the intelligent IP networks built with the four-engine series products can continuously empower users with business intelligence."
Earth Day 2019: How tech firms can support our planet's wellbeing
Six industry experts explain how they - and other tech organisations - can positively contribute to the wellbeing of our earth.
CyrusOne signs up three new senior execs for Europe
CyrusOne has appointed three new senior hires in its growing Europe-based team, including a new area vice president, engineering solutions director, and business development manager.
Dell EMC’s six server market trends
As the evolution of cloud-based computing continues, it is important to know what’s ahead to stay ahead of the market.
Park Place Technologies hires new EMEA managing director
Post-warranty data centre maintenance company Park Place Technologies has recruited Sean Sears as its new managing director for Europe, the Middle East and Africa.
Huawei FusionServer Pro built for 'intelligent transformation'
The next generation X86 servers draw on an intelligent acceleration engine, an intelligent management ending, and intelligent data center solutions for ‘diverse’ scenarios as transformation shifts from digital to intelligent.