A group of, allegedly Iranian, hackers stole around 6 TB of confidential information
According to network security and ethical hacking specialists from the International Institute of Cyber Security, Citrix, the enterprise management software company, has suffered a massive data breach after an intrusion into its internal network. Citrix serves organizations like the FBI, the U.S. Army, and some other U.S. government institutions.
The software company claims that, in recent days, the FBI sent them a warning about an “international hacking group” that had managed to compromise their systems and extract confidential information. According to the Citrix report, it is not yet known exactly what information hackers stole; the method they used to access the company’s systems is also unknown, mentioned the network security experts.
According to the federal agency, hackers would have used a technique known as “password spraying”, in which malicious users try to guess weak passwords to generate a first access to the network, which will function as an access point to launch more aggressive attacks.
Although the software company did not disclose great details about the incident, security specialists on independent networks claim that both the FBI and Citrix had been warned about the incident earlier. Experts point out that, last December, IRIDIUM, a group of hackers backed by the Iranian government, attacked Citrix systems and stole about 6 TB of confidential information, including names, email addresses, project drafts, among other files.
Regarding the organization of hackers involved, IRIDIUM is a hacking group backed by the Iranian government that has conducted hundreds of attacks against government organizations and high-profile companies in sectors such as energy, technology, hydrocarbons, among others, reported network security experts.
This massive data breach is part of a cyber espionage campaign backed by foreign governments seeking to gather critical information about government and defense organizations in the United States, mentioned officials from the federal agency.
According to Charles Yoo, CEO of a cybersecurity firm, this group of hackers has been infiltrated Citrix networks for at least ten years, since then hackers have been able to spy on the information guarded by Citrix.
It is important to note that no product or service provided by the software company seems to have been compromised, although the incident could affect the operations of organizations working with Citrix management systems.