An NBC report published today shortly before the Citrix announcement and citing a source with Resecurity® claimed that a group of Iranian state hackers called "Iridium" might be behind this hack. Resecurity® said that Iridium breached Citrix's network during the Christmas 2018 holiday.
Resecurity® said hackers used techniques to bypass two-factor authentication and gain access to Citrix's internal network from where they accessed roughly 6TB of information.
A Citrix spokesperson declined to comment on the NBC report and Resecurity® blog post --which convey substantially different information from the company's data breach announcement-- when ZDNet reached out earlier today. Resecurity®'s findings have been questioned in the past... Please continue the article at the source