Latest in Gear

Image credit: Igor Golovniov/SOPA Images/LightRocket via Getty Images

Iranian hackers stole terabytes of data from software giant Citrix

There are concerns it could compromise government contractors.
3770 Shares
Share
Tweet
Share
Save

Sponsored Links

Igor Golovniov/SOPA Images/LightRocket via Getty Images

Citrix is best-known for software that runs behind the scenes, but a massive data breach is putting the company front and center. The FBI has warned Citrix that it believes reports of foreign hackers compromising the company's internal network, swiping business documents in an apparent "password spraying" attack where the intruders guessed weak passwords and then used that early foothold to launch more extensive attacks. While Citrix didn't shed more light on the incident, researchers at Resecurity provided more detail of what likely happened in a conversation with NBC News.

Resecurity understood that hackers from Iridium, an Iran-linked group, stole data in December 2018 and again on March 4th. They made off with at least 6TB of documents and as much as 10TB, and they seemed to be focused on project data for the aerospace industry, the FBI, NASA and Saudi Arabia's state-owned oil company. The intruders may have been lurking for a long time, too. Resecurity's Charles Yoo said that Iridium broke into Citrix's network roughly 10 years ago and had been hiding since then.

The researchers said they'd told Citrix about the first attack on December 28th. It's not clear if Citrix addressed the issue then, although it took a number of steps after the FBI got in touch on March 6th. The company said it launched a "forensic investigation" with the help of an unnamed security firm and took "actions" to lock down its network.

Citrix stressed there was "no indication" that the intruders compromised its products or services. However, that's not the major concern here. As a government contractor that focuses on networking and the cloud, Citrix could hold sensitive data on other companies. It may be aware of their network layouts and security measures, for instance. Like the OPM hack, the consequences could reach well beyond the initial target.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
3770 Shares
Share
Tweet
Share
Save

Popular on Engadget

Russia reportedly breached encrypted FBI comms in 2010

Russia reportedly breached encrypted FBI comms in 2010

View
Elon Musk insists 'pedo guy' tweet wasn’t serious accusation

Elon Musk insists 'pedo guy' tweet wasn’t serious accusation

View
Nintendo's SNES-style Switch controllers are now available

Nintendo's SNES-style Switch controllers are now available

View
Mazda will show off its first EV at the Tokyo Motor Show

Mazda will show off its first EV at the Tokyo Motor Show

View
US Senators ask the FCC to review licenses with China-owned telecoms

US Senators ask the FCC to review licenses with China-owned telecoms

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr