Enterprise software developer Citrix becomes the victim of a state-sponsored attack after hackers steal the company’s secrets.
Citrix, one of the most popular providers of enterprise software, networking and remote access technology, has confirmed that its internal network was compromised by international criminals.
Reportedly, the attackers exploited weak passwords to gain limited access initially, after which they acquired privileged rights on the system. The firm has warned its customers about the breach and the possible exposure of corporate secrets.
The FBI, which knew about the attack before Citrix did, revealed that the hackers used the password spraying technique, which specifically exploits weak passwords, to access the company’s network.
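Password spraying tries a few common passwords against many accounts, so it shows up in authentication logs as one source failing against many distinct users rather than one user failing many times. The detector below is an added example written for this article, not Citrix's or the FBI's tooling; the log format, the `LOGIN_FAIL`/`LOGIN_OK` events and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not real Citrix data): 203.0.113.7 fails against
# five different accounts in seconds; 198.51.100.9 is one user mistyping.
SAMPLE_LOG = """\
2019-03-06T10:00:01 LOGIN_FAIL user=alice src=203.0.113.7
2019-03-06T10:00:03 LOGIN_FAIL user=bob src=203.0.113.7
2019-03-06T10:00:05 LOGIN_FAIL user=carol src=203.0.113.7
2019-03-06T10:00:07 LOGIN_FAIL user=dave src=203.0.113.7
2019-03-06T10:00:09 LOGIN_FAIL user=erin src=203.0.113.7
2019-03-06T10:00:11 LOGIN_OK   user=frank src=203.0.113.7
2019-03-06T10:05:00 LOGIN_FAIL user=gina src=198.51.100.9
2019-03-06T10:05:10 LOGIN_FAIL user=gina src=198.51.100.9
2019-03-06T10:05:20 LOGIN_OK   user=gina src=198.51.100.9
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<event>LOGIN_\w+)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$")

def parse(log_text):
    """Yield (timestamp, event, user, src) tuples; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["event"], m["user"], m["src"]

def detect_spray(log_text, window=timedelta(minutes=10), min_accounts=5):
    """Flag each source that fails against >= min_accounts distinct users inside `window`.
    A single user failing repeatedly is not flagged (that is a lockout/typo pattern).
    Returns {src: {"accounts": n, "attempts": n, "later_success": [users]}}."""
    fails = defaultdict(list)       # src -> [(ts, user)] for LOGIN_FAIL
    successes = defaultdict(list)   # src -> [(ts, user)] for LOGIN_OK
    for ts, event, user, src in parse(log_text):
        (fails if event == "LOGIN_FAIL" else successes)[src].append((ts, user))
    alerts = {}
    for src, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):   # slide the window over failures
            in_win = [u for t, u in events[i:] if t - start <= window]
            distinct = set(in_win)
            if len(distinct) >= min_accounts:
                # any account that logged in from this source after the spray began
                later = sorted({u for t, u in successes[src] if t >= start})
                alerts[src] = {"accounts": len(distinct), "attempts": len(in_win),
                               "later_success": later}
                break
    return alerts
```

A `later_success` entry is the account to triage first, since a successful login from a spraying source is the likely foothold.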
Citrix supplies its virtualization software to the US military, businesses, and US government institutions. Over 400,000 businesses use products developed by Citrix, most of which are Fortune 500 companies.
The company was informed by the FBI on 6th March that its IT systems had been breached by cybercriminals and that a significant amount of data, including business documents, had been stolen. Immediately after news of the data breach broke, the company’s shares fell 3 percent to $99.77.
In response, Citrix said on Friday that it does not yet know which documents were accessed or stolen, and that there is no indication that the security of any of its products or services was compromised during the attack. According to the official statement released by Citrix, the company is already working to “contain this incident.”
“We commenced a forensic investigation; engaged a leading cybersecurity firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI,” Citrix noted.
According to infosec firm Resecurity, six terabytes of sensitive and confidential internal data were exfiltrated, possibly by IRIDIUM, an Iranian hacker group that attacked the US corporation in December 2018 and March 2019. During the attack, the hackers obtained emails, sensitive documents, and blueprints by accessing the company’s VPNs. The incident appears to be part of a highly organized cyber-espionage campaign initiated by a nation-state.
“The incident has been identified as a part of a sophisticated cyber espionage campaign supported by nation-state due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of the economy,” Resecurity researchers explained.
To attack Citrix’s internal networks, the hackers combined different techniques, tools, and methods to carry out a targeted intrusion. IRIDIUM has so far attacked over 200 government institutions, oil and gas firms, and tech firms; Citrix is its latest target.
This is not the first time Citrix has made headlines for the wrong reasons. In 2017, the Kedi RAT was found disguised as a Citrix utility to hack Gmail-based email addresses.