Citrix has now disclosed a massive data leak, informing its customers that hackers intruded into its network and stole corporate secrets.
Affected Customers
Citrix serves the following organizations, among others:
- US Military
- Various US Government Agencies
- White House
- FBI
Given the government entities listed above alone, this data leak is critical. A private security firm was the one that alerted the FBI and Citrix to the intrusion.
How Large Was the Data?
6 TB of data was stolen from Citrix by the Iranian-backed IRIDIUM hacker group.
When did this happen?
The hackers struck last December, targeting emails, blueprints, and other documents after bypassing multi-factor login systems and getting into Citrix’s VPNs.
Intention
Based on the private security firm’s report, this appears to be part of a state-sponsored cyberespionage campaign, given its evident targeting of government, the military-industrial complex, energy companies, financial institutions, and large enterprises involved in an economy’s critical operations.
Analysis of the Private Security Firm
The cybercriminals used a combination of tools, techniques and procedures to carry out a targeted network intrusion and access at least six terabytes of critical data stored on Citrix’s corporate network. IRIDIUM is said to have “hit more than 200 government agencies, oil and gas companies, and technology companies including Citrix.” The private security firm also warned Citrix on 28 December that it had been compromised by the hacker group over the Christmas season. Citrix, meanwhile, said it acted by launching an internal investigation and securing its networks after hearing from the FBI earlier this week.
What is the latest?
Recently, Citrix chief information security officer Stan Black gave his company’s side of the story. He said that they do not know exactly which documents were obtained or how their network was infiltrated, and gave no details on how long the attackers remained on the corporate network. The FBI speculates that initial access could have been gained by brute-forcing weak passwords.
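The FBI’s speculation above points at the one thing a defender can look for directly: repeated failed VPN logins from a single source, either hammering one account (brute force) or trying one password across many accounts (password spraying), followed by a success. The script below is an added illustration of that detection logic, not Citrix’s tooling or the security firm’s analysis. The log line format, the sample log, the IP addresses and the thresholds (5 failures within 10 minutes, 3 distinct usernames) are all constructed for this example; a real VPN appliance logs differently, so only parse_line would need adapting.

```python
"""Flag brute-force and password-spray patterns in VPN authentication logs.

Added example: the log format, sample lines and thresholds are constructed
assumptions, not Citrix's logs or the security firm's detection rules.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. 203.0.113.7 tries one password across six accounts and
# then logs in as frank; 198.51.100.4 is a user mistyping twice; 192.0.2.9
# hammers a single account and never gets in. One junk line tests the parser.
SAMPLE_LOG = """\
2018-12-20T02:00:01Z vpn auth user=alice src=203.0.113.7 result=FAIL
2018-12-20T02:00:31Z vpn auth user=bob src=203.0.113.7 result=FAIL
2018-12-20T02:01:02Z vpn auth user=carol src=203.0.113.7 result=FAIL
2018-12-20T02:01:33Z vpn auth user=dave src=203.0.113.7 result=FAIL
2018-12-20T02:02:04Z vpn auth user=erin src=203.0.113.7 result=FAIL
2018-12-20T02:02:35Z vpn auth user=frank src=203.0.113.7 result=FAIL
2018-12-20T02:03:06Z vpn auth user=frank src=203.0.113.7 result=OK
2018-12-20T08:15:00Z vpn auth user=gina src=198.51.100.4 result=FAIL
2018-12-20T08:15:20Z vpn auth user=gina src=198.51.100.4 result=FAIL
2018-12-20T08:15:41Z vpn auth user=gina src=198.51.100.4 result=OK
2018-12-21T23:10:00Z vpn auth user=harry src=192.0.2.9 result=FAIL
2018-12-21T23:10:10Z vpn auth user=harry src=192.0.2.9 result=FAIL
2018-12-21T23:10:20Z vpn auth user=harry src=192.0.2.9 result=FAIL
2018-12-21T23:10:30Z vpn auth user=harry src=192.0.2.9 result=FAIL
2018-12-21T23:10:40Z vpn auth user=harry src=192.0.2.9 result=FAIL
2018-12-21T23:10:50Z vpn auth user=harry src=192.0.2.9 result=FAIL
2018-12-21T23:11:00Z vpn auth user=harry src=192.0.2.9 result=FAIL
this line is not an auth record and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) vpn auth "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return a record dict for a well-formed line, or None so junk is skipped."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def max_in_window(times, window):
    """Largest number of timestamps that fit inside any span of length `window`."""
    times = sorted(times)
    best, start = 0, 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyze(lines, fail_threshold=5, user_threshold=3, window=timedelta(minutes=10)):
    """Group auth events by source address and tag suspicious sources.

    Tags: brute_force (burst of failures), password_spray (failures spread over
    many usernames), success_after_attack (a login succeeded from a tagged
    source after its first failure).
    """
    per_src = defaultdict(lambda: {"fail_times": [], "fail_users": set(), "successes": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = per_src[rec["src"]]
        if rec["result"] == "FAIL":
            s["fail_times"].append(rec["ts"])
            s["fail_users"].add(rec["user"])
        else:
            s["successes"].append(rec["ts"])

    findings = {}
    for src, s in per_src.items():
        tags = []
        burst = max_in_window(s["fail_times"], window)
        if burst >= fail_threshold:
            tags.append("brute_force")
        if len(s["fail_users"]) >= user_threshold:
            tags.append("password_spray")
        if tags and any(ts > min(s["fail_times"]) for ts in s["successes"]):
            tags.append("success_after_attack")
        if tags:
            findings[src] = {
                "failures": len(s["fail_times"]),
                "burst": burst,
                "distinct_users": len(s["fail_users"]),
                "tags": tags,
            }
    return findings


if __name__ == "__main__":
    for src, info in analyze(SAMPLE_LOG.splitlines()).items():
        print(src, info)
```

The success_after_attack tag is the one to page on: a burst of failures that ends in a valid login is exactly the footprint of a guessed weak password, and it is the moment to force a credential reset and check the session, whereas a burst with no success is a candidate for a source block and rate limiting.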