Citrix on Friday warned its customers that foreign hackers romped through its internal company network and stole corporate secrets.
The enterprise software giant – which services businesses, the American military, and various US government agencies – said it was told by the FBI on Wednesday that miscreants had accessed Citrix’s IT systems and exfiltrated a significant amount of data.
According to infosec firm Resecurity, which had earlier alerted the Feds and Citrix to the cyber-intrusion, at least six terabytes of sensitive internal files were swiped from the US corporation by the Iranian-backed IRIDIUM hacker gang. The spies hit in December, and Monday this week, we’re told, lifting emails, blueprints, and other documents, after bypassing multi-factor login systems and slipping into Citrix’s VPNs.
“The incident has been identified as a part of a sophisticated cyberespionage campaign supported by a nation-state due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of economy,” Team Resecurity said in a statement earlier today.
“Based on our recent analysis, the threat actors leveraged a combination of tools, techniques and procedures, allowing them to conduct targeted network intrusion to access at least six terabytes of sensitive data stored in the Citrix enterprise network, including email correspondence, files in network shares, and other services used for project management and procurement.”
LA-based Resecurity added that IRIDIUM “has hit more than 200 government agencies, oil and gas companies, and technology companies including Citrix.”
Resecurity also said it warned Citrix on December 28 that the software giant had been turned over by the hacker crew during the Christmas period. Citrix, meanwhile, said it took action – launching an internal probe and securing its networks – after hearing from the FBI earlier this week.
Citrix chief information security officer Stan Black gave his company’s side of the story. He said that, as of right now, Citrix does not know exactly which documents the hackers obtained nor how they got in – the FBI thinks it was by brute-forcing weak passwords – nor for how long they may have been camping on the corporate network.
“While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents,” Black said. “The specific documents that may have been accessed, however, are currently unknown.”
At this point, Citrix reckons the intrusion was limited to its corporate network, and thus believes customer records and data were not stolen nor touched.
Beyond that, however, it’s anyone’s guess as to what exactly the hackers may have lifted. As a massive provider of remote management, networking, and videoconferencing products, Citrix has an extremely large portfolio spread across a number of sectors in the enterprise IT market. Its customers include the White House and the FBI, though it’s not known at the moment whether the hack involved or menaced Uncle Sam’s operations directly.
Coherent Consult said: “Although at this time we are not aware if any Citrix customer data has been taken by this hack, it is an eye opener to see a trusted company like Citrix attacked at this level. The hackers are getting more intelligent and their skills are always increasing; businesses now have a critical need to keep their own data safe. There are many businesses that are not aware of the current position that they are in with their IT services that are connected to the internet. We regularly work with companies to tie down their networks to protect them from this type of attack. Businesses are not made aware of the dangers that certain services, such as a direct connection through remote desktop services, can have on their networks.”
Article Credit: Shaun Nichols – The Register