



Citrix Systems said it is cooperating with the Federal Bureau of Investigation (FBI) to investigate a major breach of the company's internal network by international cyber criminals. Based on what Citrix knows so far, the hackers may have accessed and downloaded business documents, though the full extent is not yet known.









Resecurity, a provider of cybersecurity and intelligence solutions, alerted the FBI in December of the data breach at Citrix. According to Resecurity, an Iranian-linked group known as IRIDIUM is responsible. The group is thought to have hit more than 200 government agencies, oil and gas companies, and technology firms, Citrix being one of them.







"Based on our recent analysis, the threat actors leveraged a combination of tools, techniques and procedures (TTPs) allowing them to conduct targeted network intrusion to access at least 6 terabytes of sensitive data stored in the Citrix enterprise network, including email correspondence, files in network shares and other services used for project management and procurement," Resecurity stated in a blog post.





Citrix partly disputes the full extent of the damage as reported by Resecurity, saying it has found no indication so far that the security of any Citrix product or service was compromised in the breach.





The FBI believes the hackers first gained entry into the network using a tactic known as password spraying. This gave them only limited access at first, though once they had a foothold, they were later able to circumvent additional layers of security.





IRIDIUM is believed to possess an arsenal of proprietary hacking tools that allows it to bypass two-factor authentication (2FA), making it possible to access virtual private network (VPN) channels and other secure areas.







"Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities," Citrix said.





"In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information," Citrix said in a statement.