Software firm Citrix says that it believes “hackers may have accessed and downloaded business documents” during a major security breach.
In a blog entry, the company’s CISO, Stan Black, said that the company had been contacted by the FBI, which indicated it had “reason to believe that international cyber criminals gained access to the internal Citrix network”.
Citrix’s products include NetScaler, XenDesktop, XenServer and XenApp.
Black wrote in the blog entry, published late last week, that Citrix was not yet sure which documents may have been accessed.
“While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords,” the CISO wrote. “Once they gained a foothold with limited access, they worked to circumvent additional layers of security.”
Black said Citrix “deeply regrets the impact this incident may have on affected customers”.
“Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities,” the CISO wrote.
Cyber security company Resecurity said it believed that Iranian group IRIDIUM was behind the hack.
“Based on our recent analysis, the threat actors leveraged a combination of tools, techniques and procedures (TTPs) allowing them to conduct targeted network intrusion to access at least 6 terabytes of sensitive data stored in the Citrix enterprise network, including e-mail correspondence, files in network shares and other services used for project management and procurement,” Resecurity said.