Hackers lurked in Citrix systems for six months
Citrix has revealed a data breach in which cyberattackers managed to maintain persistence on its systems and conduct data theft over a period of six months.
In a letter (.PDF) sent to potential victims this week, the US software company said that the FBI informed Citrix of a potential compromise by "international cybercriminals."
Security
Citrix then investigated the matter and found that the group had "intermittent access" to its systems between October 13, 2018 and March 8, 2019, a period of roughly six months.
The company believes that information was stolen during this time relating to current and former employees, and potentially beneficiaries and dependents, too.
See also: Failed blackmail attempt prompts hackers to leak ocean of data belonging to major companies
The extent of the theft is not yet known but it is possible that the data stolen included names, Social Security numbers, and financial information.
It is unclear how many individuals may have been involved in the data breach.
The FBI is now involved in the investigation, which is ongoing. Cybersecurity professionals have also been hired to conduct a forensic examination of Citrix's internal systems.
TechRepublic: 61% of IT pros have experienced a serious data breach
The security incident was first revealed on March 8. At the time, Citrix said it was likely the intrusion took place through a technique called "password spraying;" in other words, the use of brute-force attacks to compromise weak password credentials and gain access to a system.
"We have found no indication that the threat actors discovered and exploited any vulnerabilities in our products or services to gain entry," Citrix added.
Resecurity, a low-profile cybersecurity company which only formally launched in 2018, said that Citrix was sent a warning about a potential breach in December.
Internally, the attack has been attributed to a group called Iridium which focuses on high-profile corporate targets, as well as organizations in the oil and gas industries. The hackers have targeted companies in Canada, the US, United Arab Emirates, and Europe.
CNET: Lawmakers want to stop a future filled with smart devices and bad security
In related news, earlier this week, hackers compromised Citycomp's network and managed to steal a treasure trove of data belonging to the IT services company's clients.
After Citycomp refused to bow to a blackmail demand of $5,000, the threat actors published a sample of the data, which included customer names, email addresses, phone numbers, asset lists, accountancy paperwork, and payroll records.
These are the worst hacks, cyberattacks, and data breaches of 2018
Previous and related coverage
- NSA surveillance of foreign nationals surges
- Eddie Bauer reaches $9.8 million settlement deal over leak of 1 million Veridian accounts
- DJI employee who leaked source code sent behind bars
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0