Iran-based hackers have stolen terabytes of data from desktop virtualisation leader Citrix, with the company admitting that the cybercriminals may have accessed and downloaded business documents.
“The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised,” Citrix Chief Information Security Officer Stan Black said in a blog post.
According to a report in The Register on Sunday, the Federal Bureau of Investigation (FBI) last week warned Citrix about the data hack.
According to cyber-security firm Resecurity, at least six terabytes of sensitive internal files were stolen by the Iranian-backed IRIDIUM hacker gang.
The researchers said they had alerted Citrix as early as December 28 last year about the ongoing attack.
“Citrix has taken action to contain the incident. We commenced a forensic investigation; engaged a leading cyber-security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI,” Black wrote.
The hackers probably used a tactic known as “password spraying”, which exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.
“Citrix deeply regrets the impact this incident may have on affected customers,” Black said.