- Oct 9, 2016
- 6,141
Enterprise VPN provider Citrix has suffered a hack that may have stolen sensitive information about the company's technology.
The FBI contacted Citrix about "international cyber criminals" breaking into the company's networks, Citrix revealed Friday. The feds told Citrix that the hackers likely broke in by successfully guessing the weak password to a company account using a tactic known as "password spraying."
"While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents," Citrix said in a notice. "The specific documents that may have been accessed, however, are currently unknown."
On Dec. 28, cybersecurity Resecurity reached out to Citrix, warning them about the breach, Resecurity said in a blog post published today. The attackers are part of an Iranian hacking group that's targeted more than 200 organizations, including government agencies, oil and gas companies, and technology firms, according to Resecurity.
The hackers accessed "at least 6 terabytes of sensitive data stored in the Citrix enterprise network, including email correspondence, files in network shares and other services used for project management and procurement," Resecurity wrote.
The security firm didn't explain how it learned of the attack, but said it "has shared the acquired intelligence with law enforcement and partners for mitigation."
Citrix serves over 400,000 organizations, including nearly all top Fortune 500 companies. So any breach could have wide-reaching consequences, especially if it affects Citrix's VPN technology. In corporate environments, VPNs can act as a gateway to prevent outside visitors and hackers from gaining remote access to a company's internal network.
Despite the hack, Citrix said it's so far found no indication that the security of any company product or service has been compromised.
"Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI," the company added in its notice.
The FBI declined to comment. Resecurity claims the hackers are backed by a nation-state, "due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of economy."
The FBI contacted Citrix about "international cyber criminals" breaking into the company's networks, Citrix revealed Friday. The feds told Citrix that the hackers likely broke in by successfully guessing the weak password to a company account using a tactic known as "password spraying."
"While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents," Citrix said in a notice. "The specific documents that may have been accessed, however, are currently unknown."
On Dec. 28, cybersecurity Resecurity reached out to Citrix, warning them about the breach, Resecurity said in a blog post published today. The attackers are part of an Iranian hacking group that's targeted more than 200 organizations, including government agencies, oil and gas companies, and technology firms, according to Resecurity.
The hackers accessed "at least 6 terabytes of sensitive data stored in the Citrix enterprise network, including email correspondence, files in network shares and other services used for project management and procurement," Resecurity wrote.
The security firm didn't explain how it learned of the attack, but said it "has shared the acquired intelligence with law enforcement and partners for mitigation."
Citrix serves over 400,000 organizations, including nearly all top Fortune 500 companies. So any breach could have wide-reaching consequences, especially if it affects Citrix's VPN technology. In corporate environments, VPNs can act as a gateway to prevent outside visitors and hackers from gaining remote access to a company's internal network.
Despite the hack, Citrix said it's so far found no indication that the security of any company product or service has been compromised.
"Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI," the company added in its notice.
The FBI declined to comment. Resecurity claims the hackers are backed by a nation-state, "due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of economy."