In a post, Citrix CISO Stan Black confessed that the company had been notified a few days prior by the FBI that it was the victim of a cyber attack. It seems that foreign attackers breached the network using a method called password spraying, which targets weak passwords. According to Black, “Once they gained a foothold with limited access, they worked to circumvent additional layers of security.”
Threats to US Intelligence?
According to independent security firm Resecurity®, which first discovered the attack, it appears that Citrix was hacked by an Iranian hacking group called IRIDIUM, which stole between 6 and 10 TB of business documents. Resecurity® says that Citrix is not the group’s only target: IRIDIUM has attacked over 200 organizations recently, including government agencies and other tech companies.
If all this wasn’t scary enough, Resecurity® says that the attackers may have actually breached the network about 10 years ago and have been lurking silently ever since. Though it doesn’t seem that any customer information was compromised, it is a very disturbing prospect, as both the US Department of Defense and the military use Citrix cloud services. Though there is no hard proof yet, it is reasonable to infer that IRIDIUM may have been after government information.
Citrix has launched an ongoing forensic investigation into the...