Hackers lurked in Citrix systems for six months

Social Security numbers and financial data may have been stolen.
Written by Charlie Osborne, Contributing Writer

Citrix has revealed a data breach in which cyberattackers managed to maintain persistence on its systems and conduct data theft over a period of six months.

In a letter (.PDF) sent to potential victims this week, the US software company said that the FBI informed Citrix of a potential compromise by "international cybercriminals."

Citrix then investigated the matter and found that the group had "intermittent access" to its systems between October 13, 2018 and March 8, 2019, a period of roughly six months.

The company believes that information was stolen during this time relating to current and former employees, and potentially beneficiaries and dependents, too.

See also: Failed blackmail attempt prompts hackers to leak ocean of data belonging to major companies

The extent of the theft is not yet known but it is possible that the data stolen included names, Social Security numbers, and financial information.

It is unclear how many individuals may have been involved in the data breach.

The FBI is now involved in the investigation, which is ongoing. Cybersecurity professionals have also been hired to conduct a forensic examination of Citrix's internal systems.

TechRepublic: 61% of IT pros have experienced a serious data breach

The security incident was first revealed on March 8. At the time, Citrix said it was likely the intrusion took place through a technique called "password spraying;" in other words, the use of brute-force attacks to compromise weak password credentials and gain access to a system.

"We have found no indication that the threat actors discovered and exploited any vulnerabilities in our products or services to gain entry," Citrix added.

Resecurity, a low-profile cybersecurity company which only formally launched in 2018, said that Citrix was sent a warning about a potential breach in December.

Internally, the attack has been attributed to a group called Iridium which focuses on high-profile corporate targets, as well as organizations in the oil and gas industries. The hackers have targeted companies in Canada, the US, United Arab Emirates, and Europe.

CNET: Lawmakers want to stop a future filled with smart devices and bad security

In related news, earlier this week, hackers compromised Citycomp's network and managed to steal a treasure trove of data belonging to the IT services company's clients.

After Citycomp refused to bow to a blackmail demand of $5,000, the threat actors published a sample of the data, which included customer names, email addresses, phone numbers, asset lists, accountancy paperwork, and payroll records. 

These are the worst hacks, cyberattacks, and data breaches of 2018

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards