Image credit: Igor Golovniov/SOPA Images/LightRocket via Getty Images

Iranian hackers stole terabytes of data from software giant Citrix

There are concerns it could compromise government contractors.

Citrix is best known for software that runs behind the scenes, but a massive data breach is putting the company front and center. The FBI has warned Citrix that it believes reports that foreign hackers compromised the company's internal network and swiped business documents in an apparent "password spraying" attack, in which the intruders guessed weak passwords and then used that early foothold to launch more extensive attacks. While Citrix didn't shed more light on the incident, researchers at Resecurity provided more detail on what likely happened in a conversation with NBC News.

Resecurity understood that hackers from Iridium, an Iran-linked group, stole data in December 2018 and again on March 4th. They made off with at least 6TB of documents and as much as 10TB, and they seemed to be focused on project data for the aerospace industry, the FBI, NASA and Saudi Arabia's state-owned oil company. The intruders may have been lurking for a long time, too. Resecurity's Charles Yoo said that Iridium broke into Citrix's network roughly 10 years ago and had been hiding since then.

The researchers said they'd told Citrix about the first attack on December 28th. It's not clear if Citrix addressed the issue then, although it took a number of steps after the FBI got in touch on March 6th. The company said it launched a "forensic investigation" with the help of an unnamed security firm and took "actions" to lock down its network.

Citrix stressed there was "no indication" that the intruders compromised its products or services. However, that's not the major concern here. As a government contractor that focuses on networking and the cloud, Citrix could hold sensitive data on other companies. It may be aware of their network layouts and security measures, for instance. Like the OPM hack, the consequences could reach well beyond the initial target.
