An enormous data breach by “international cyber
criminals” of the famous enterprise software company Citrix was unveiled a
weekend ago, reporting the breach of its internal network.
The software company which is known to provide its services,
especially to the U.S. military, the FBI, numerous U.S. organizations, and
different U.S. government offices was cautioned by the FBI of foreign hackers
compromising its IT systems and sneak “business documents,” likewise
including that the company did not know exactly which records and documents the
hackers acquired nor how they even got in, in the first place.
In a blog post Citrix says that, “While not confirmed, the
FBI has advised that the hackers likely used a tactic known as password
spraying, a technique that exploits weak passwords. Once they gained a foothold
with limited access, they worked to circumvent additional layers of security…”
“Password spraying” is an attack where the attackers
surmise weak passwords to pick up an early toehold in the company’s system in
order to launch more extensive attacks.
The enormous data breach at Citrix has been distinguished as
a part of “a sophisticated cyber espionage campaign supported by
nation-state due to strong targeting on government, military-industrial
complex, energy companies, financial institutions and large enterprises
involved in critical areas of the economy,” said Rescurity, an infosec
firm in a blog post.
The researchers at Resecurity shed all the more light on the
episode when Citrix refused to disclose the numerous insights regarding the
breach, guaranteeing that it had prior cautioned the Feds and Citrix about the
“targeted attack and data breach.”
In spite of the fact that Resecurity says that the
Iranian-backed IRIDIUM hacker group hit Citrix in December a year ago and yet
again on Monday i.e. the 4th of March and purportedly stole approximately 6
terabytes of sensitive internal files including messages, emails, blueprints
and various other documents as well.
While this Florida-based company focused on the fact that
there was no sign that the hackers bargained any Citrix product or service, and
that it propelled a “forensic investigation,” procured the best cyber
security company, and took “actions” to skilfully secure its internal
Since the consequences of the Citrix ‘security incident’ are
grave and they could influence a more extensive scope of targets, as the
company holds sensitive data on other companies as well, including critical
infrastructure, government and enterprises, therefore, strict measures will be thusly taken to
secure it inside-out.