The FBI advised Citrix that international cybercriminals had gained access to its internal system and stolen sensitive business documents.
Citrix said, “it was unclear about the specific documents that were stolen.
Despite this incident, there was no further indication that any Citrix product or service was compromised.”
Researchers believe that Citrix was hacked by an Iran-based organized cybercrime group called Iridium, which may have stolen at least 6-10 TB of highly sensitive project data belonging to the aerospace industry, the FBI, NASA and Saudi Arabia’s state-owned oil company.
IRIDIUM already has a record of hitting more than 200 government agencies, oil and gas companies, and technology companies, including Citrix.
The threat actors leveraged a combination of tools, techniques and procedures that allowed them to conduct a targeted network intrusion and access the internal network.
The FBI stated that the attackers used a tactic known as password spraying, a technique that attacks weak passwords to compromise the first level of security, after which the attackers move ahead and work to break the additional security layers.
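How a defender can spot the password-spraying pattern in authentication logs, as an added example that is not part of the original article or of any Citrix or FBI material. It relies on the general trait of spraying (one source failing against many accounts with only a few attempts each); the log format, addresses, usernames and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): ISO time, source IP, user, result.
SAMPLE_LOG = """\
2019-03-01T09:00:05 203.0.113.7 alice FAIL
2019-03-01T09:01:10 203.0.113.7 bob FAIL
2019-03-01T09:02:15 203.0.113.7 carol FAIL
2019-03-01T09:03:20 203.0.113.7 dave FAIL
2019-03-01T09:04:25 203.0.113.7 erin FAIL
2019-03-01T09:05:30 203.0.113.7 frank OK
2019-03-01T09:10:00 198.51.100.20 alice FAIL
2019-03-01T09:10:05 198.51.100.20 alice FAIL
2019-03-01T09:10:09 198.51.100.20 alice FAIL
2019-03-01T09:20:00 192.0.2.33 bob FAIL
2019-03-01T09:20:30 192.0.2.33 bob OK
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def detect_spraying(log, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Flag sources whose failed logins fan out over many accounts with few
    attempts each; report targeted accounts and any login that succeeded."""
    fails, oks = defaultdict(list), defaultdict(set)
    for ts, ip, user, result in parse(log):
        if result == "FAIL":
            fails[ip].append((ts, user))
        else:
            oks[ip].add(user)
    flagged = {}
    for ip, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            counts = defaultdict(int)
            for _, user in events[start:end + 1]:
                counts[user] += 1
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                flagged[ip] = {"targets": sorted({u for _, u in events}),
                               "succeeded": sorted(oks[ip])}
                break
    return flagged

if __name__ == "__main__":
    print(detect_spraying(SAMPLE_LOG))
```

Per-account lockout counters miss this pattern because no single account sees many failures; the repeated failures against one account and the single mistyped login in the sample are deliberately not flagged.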
According to the Citrix statement, Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly. “In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information.”
Citrix also deployed a forensic investigation team to work on this incident and protect its internal data, and it continues to cooperate with the FBI and other law enforcement authorities.