HA software company, Citrix has been the target of a recent massive data breach of its international systems by international cyber-attackers.
The company is responsible for providing services to the FBI, Pentagon, multiple U.S corporations and governmental agencies.
In a blog post, the company stated that it had been warned last week by the FBI of international hackers compromising its IT systems and carting away their business documents. Citrix cannot finger-point how they got in or which particular business data was stolen.
The FBI believes that the cyber-criminals likely launched a password spraying attack, where weak passwords were exploited, and after they had gain limited access had executed extensive attacks on the company’s networks.
Prior to this attack, Resecurity – a cybersecurity firm – has stated that it had contacted Citrix in December last year and warned them about an attack that month. Resecurity, in a blog post, believes it was IRIDIUM – an Iranian-based hacker group was responsible for both attacks.
IRIDIUM is known to have hit over 200 government agencies, oil companies, and other corporate organizations in recent times.
Charles Yoo, president of Resecurity believes that the hackers stole 6-10TB worth of sensitive information between the two attacks, with a huge focus on documents related to NASA, FBI, and a Saudi Arabia-owned oil company.
He also stated that the hackers had first breached Citrix’s networks 10 years and had been lurking within their systems ever since.
Based on their analysis, Resecurity states IRIDIUM techniques include bypassing multi-factor authentications for applications and gained unauthorized access to Single Sign-On (SSO) and VPN channels.
They also noted that large data stolen from Citrix’s networks also included e-mail correspondence and files stored in network shares used for project management and procurement.
Citrix announced that it was working quickly in response to the disturbing incident. They had begun a forensic investigation, taken measures to secure their internal networks, hired a leading cybersecurity firm to assist with their findings and have fully cooperated with the FBI.