However, cyber security firm Resecurity® claimed to have first alerted Citrix to early warning signs of a breach as early as 28 December 2018, and since then has continued to present its findings to the FBI. This means that attackers had been lingering in Citrix’s systems for around five months.
The attack was attributed to the Iranian hacking group IRIDIUM which, according to Citrix, used a password spraying technique to establish an initial foothold before circumventing further security layers.
Following the incident, Citrix's chief digital risk officer Peter Lefkowitz told IT Pro that the company had learnt its lessons from the breach and would be reviewing password management procedures... Please continue the article at the source