Hackers breach internal Citrix network

The average cost of a data breach has grown to US$3.86 million, a new report suggests (Image matejmo / iStockPhoto)
The internal network of Citrix has been breached by a group of suspected international cyber criminals (Image matejmo / iStockPhoto)

The internal network of Citrix has been breached by a group of hackers, believed to be international cyber criminals, following an alert from the FBI.

Involving unauthorised access, the software vendor was made aware of the breach on 6 March, leading to a public disclosure of the incident.

“Citrix has taken action to contain this incident,” said Stan Black, CISO at Citrix. “We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI.”

While not confirmed, Black said the FBI has advised that the hackers likely used a tactic known as "password spraying", a technique that exploits weak passwords.

“Once they gained a foothold with limited access, they worked to circumvent additional layers of security,” said Black, via a company statement. “Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly.

“In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information.”

With the investigation still on ongoing, based on current information, Black acknowledged that the hackers “may have” accessed and downloaded business documents.

“The specific documents that may have been accessed, however, are currently unknown,” Black added. “At this time, there is no indication that the security of any Citrix product or service was compromised.

"Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities.”

CIO Australia

Read more on

Suggested Articles

The “MakeITHong Kong 3-2-1 Go! Bang!” event at Science Park will showcase solutions developed by Hong Kong's innovation and technology ecosystem

Over a third of Hong Kong marketers say that they are tasked with leading customer experience initiatives across their organization

Experts believe current public key encryption could be vulnerable to being broken by quantum computing