The internal network of Citrix has been breached by a group of hackers, believed to be international cyber criminals, following an alert from the FBI.
Involving unauthorised access, the software vendor was made aware of the breach on 6 March, leading to a public disclosure of the incident.
“Citrix has taken action to contain this incident,” said Stan Black, CISO at Citrix. “We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI.”
While not confirmed, Black said the FBI has advised that the hackers likely used a tactic known as "password spraying", a technique that exploits weak passwords.
“Once they gained a foothold with limited access, they worked to circumvent additional layers of security,” said Black, via a company statement. “Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly.
“In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information.”
With the investigation still on ongoing, based on current information, Black acknowledged that the hackers “may have” accessed and downloaded business documents.
“The specific documents that may have been accessed, however, are currently unknown,” Black added. “At this time, there is no indication that the security of any Citrix product or service was compromised.
"Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities.”