If initial accounts from cybersecurity firm Resecurity® are accurate, the Citrix Systems breach could turn out to be bad: really, really bad. Citrix is a major federal government contractor, and nation-state hackers have been ramping up their efforts to breach federal agencies and steal classified data by hacking weak links in the federal supply chain. According to an internal U.S. Navy review procured by the Wall Street Journal, Navy contractors are “under cyber siege,” particularly by Chinese nation-state hackers.
Resecurity® alleges that Citrix was breached by an Iranian hacker group known as Iridium, which has also targeted other government agencies and oil and gas companies. It is believed the hackers got in by way of a password spraying attack. Ironically, not quite a year ago, the FBI and the U.S. Department of Homeland Security released an alert warning of an upsurge in password spraying. This alert came on the heels of — I can’t make this up — a federal indictment of nine Iranian nationals for hacking on behalf of their home country... Please continue the article at the source