NO BUSINESS REALLY wants a visit from the FBI, which is an agency not hugely known for friendly social calls. But even the most pessimistic of Citrix staff might not have predicted the extent of the problem being reported.
It seems that Iranian hackers have stolen between six and 10 terabytes of data from Citrix, which is a pretty big haul. According to Resecurity president Charles Yoo, the hack was focused on assets related to NASA, aerospace contracts, Saudi Arabia's state oil company and the FBI. So nothing too important, then.
Arguably more distressing than the files thieved is the method of entry: 'password spraying', where attackers guess at weak passwords, and then work their way up to bigger attacks once inside. Yoo reckons the hackers - believed to be from Iridium, a group linked to the Iranian state - had been inside the Citrix network for a decade before stealing data in December 2018 and March 2019.
"Once an attacker goes into an environment and compromises one account, that's just the first stage. And what we uncovered and through our own analysis is a very sophisticated campaign," Yoo told NBC.
Citrix CSIO Stan Black has written a blog post confirming the attack. "Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly," he wrote.
"In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information."
Black didn't confirm Yoo's account, merely stating that "the specific documents that may have been accessed, however, are currently unknown." He adds that there's "no indication that the security of any Citrix product or service was compromised," which should offer a crumb of comfort to concerned customers.
"Citrix deeply regrets the impact this incident may have on affected customers," Black concluded. "Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities." µ