FBI is investigating Citrix data breach
Citrix is working quickly in response to the incident. “We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI,” the company states.
The disclosure says that it’s believed the attackers used a tactic called “password spraying,” where they targeted weak passwords to gain limited access, and then worked to bypass other security systems.
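In authentication logs, password spraying typically appears as one source failing against many different accounts with only a few attempts per account. The following is an added detection sketch, not code from Citrix, Resecurity or the FBI; the log format, the thresholds and the function names `parse`, `detect_spraying` and `successes_from` are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp, source IP, username, result.
SAMPLE_LOG = """
2019-03-01T09:00:00 203.0.113.7 alice FAIL
2019-03-01T09:02:00 203.0.113.7 bob FAIL
2019-03-01T09:04:00 203.0.113.7 carol FAIL
2019-03-01T09:06:00 203.0.113.7 dave FAIL
2019-03-01T09:08:00 203.0.113.7 erin FAIL
2019-03-01T09:10:00 203.0.113.7 frank SUCCESS
2019-03-01T09:01:00 198.51.100.20 bob FAIL
2019-03-01T09:01:05 198.51.100.20 bob FAIL
2019-03-01T09:01:10 198.51.100.20 bob FAIL
2019-03-01T09:01:15 198.51.100.20 bob FAIL
2019-03-01T09:01:20 198.51.100.20 bob FAIL
2019-03-01T09:30:00 192.0.2.15 grace FAIL
2019-03-01T09:30:20 192.0.2.15 grace SUCCESS
"""

def parse(log):
    rows = (line.split() for line in log.strip().splitlines())
    return sorted((datetime.fromisoformat(ts), ip, user, res) for ts, ip, user, res in rows)

def detect_spraying(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Map source IP -> accounts it failed against, when the failures are spread
    thinly over many accounts (spraying) rather than piled on one (brute force)."""
    failures = defaultdict(list)
    for ts, ip, user, res in events:
        if res == "FAIL":
            failures[ip].append((ts, user))
    flagged = {}
    for ip, items in failures.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # slide the window forward in time
            per_user = defaultdict(int)
            for _, user in items[start:end + 1]:
                per_user[user] += 1
            if (len(per_user) >= min_users and max(per_user.values()) <= max_per_user
                    and len(per_user) > len(flagged.get(ip, []))):
                flagged[ip] = sorted(per_user)  # keep the widest matching window
    return flagged

def successes_from(events, flagged):
    """Accounts that logged in successfully from a flagged source: triage these first."""
    return sorted({(ip, u) for _, ip, u, res in events if res == "SUCCESS" and ip in flagged})
```

A per-source rule like this misses spraying that is spread across many source addresses, so the same distinct-account count is worth running per time window across all sources as well.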
Citrix said it was warned by the FBI on Wednesday of foreign hackers compromising its IT systems and stealing “business documents,” adding that the company does not know precisely which documents the hackers obtained nor how they got in.
Cybersecurity firm Resecurity states that it contacted the company on December 28th about an attack earlier that month from the same group of hackers. According to Resecurity, the attacks were carried out by an Iranian-linked group known as IRIDIUM, which has targeted more than 200 government agencies, oil and gas firms and technology companies.
IRIDIUM's proprietary techniques include bypassing multi-factor authentication for critical applications and services to gain further unauthorized access to VPN channels and SSO (Single Sign-On).
Resecurity president Charles Yoo says there was evidence the hackers first breached Citrix’s network about 10 years ago, and have been lying in wait since.
The firm believes 6-10TB of data was stolen in the two recent attacks, with a focus on documents related to the FBI, NASA and the aerospace industry, and Saudi Arabia’s state-owned oil company.
The Citrix data breach could cause more damage than expected, as the company holds sensitive data on other companies, including critical infrastructure, government and enterprises.
What do we know exactly?
Until a full forensic investigation is done, it is hard to say which documents were stolen or what data was breached. It is very hard to tell what actually happened and the nature of the data stolen.
“In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information,” says Black.
While the FBI is investigating this breach, it appears the IRIDIUM hacker group may have accessed and downloaded crucial business and government documents.