Latest in Gear

Image credit:

Iranian hackers stole terabytes of data from software giant Citrix

There are concerns it could compromise government contractors.
Jon Fingas, @jonfingas
March 9, 2019
9 Shares
Share
Tweet
Share

Sponsored Links

Igor Golovniov/SOPA Images/LightRocket via Getty Images

Citrix is best-known for software that runs behind the scenes, but a massive data breach is putting the company front and center. The FBI has warned Citrix that it believes reports of foreign hackers compromising the company's internal network, swiping business documents in an apparent "password spraying" attack where the intruders guessed weak passwords and then used that early foothold to launch more extensive attacks. While Citrix didn't shed more light on the incident, researchers at Resecurity provided more detail of what likely happened in a conversation with NBC News.

Resecurity understood that hackers from Iridium, an Iran-linked group, stole data in December 2018 and again on March 4th. They made off with at least 6TB of documents and as much as 10TB, and they seemed to be focused on project data for the aerospace industry, the FBI, NASA and Saudi Arabia's state-owned oil company. The intruders may have been lurking for a long time, too. Resecurity's Charles Yoo said that Iridium broke into Citrix's network roughly 10 years ago and had been hiding since then.

The researchers said they'd told Citrix about the first attack on December 28th. It's not clear if Citrix addressed the issue then, although it took a number of steps after the FBI got in touch on March 6th. The company said it launched a "forensic investigation" with the help of an unnamed security firm and took "actions" to lock down its network.

Citrix stressed there was "no indication" that the intruders compromised its products or services. However, that's not the major concern here. As a government contractor that focuses on networking and the cloud, Citrix could hold sensitive data on other companies. It may be aware of their network layouts and security measures, for instance. Like the OPM hack, the consequences could reach well beyond the initial target.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
9 Shares
Share
Tweet
Share

Popular on Engadget

Someone bought the new Chromecast and told Reddit all about it

Someone bought the new Chromecast and told Reddit all about it

View
Here's everything Amazon announced at its big hardware event

Here's everything Amazon announced at its big hardware event

View
The best wireless workout headphones

The best wireless workout headphones

View
Google Chrome will warn you if your logins have been stolen

Google Chrome will warn you if your logins have been stolen

View
Sony WF-1000XM3 review: Simply the best true wireless earbuds

Sony WF-1000XM3 review: Simply the best true wireless earbuds

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr