Hackers breach internal Citrix network

The average cost of a data breach has grown to US$3.86 million, a new report suggests (Image matejmo / iStockPhoto)
The internal network of Citrix has been breached by a group of suspected international cyber criminals (Image matejmo / iStockPhoto)

The internal network of Citrix has been breached by a group of hackers, believed to be international cyber criminals, following an alert from the FBI.

Involving unauthorised access, the software vendor was made aware of the breach on 6 March, leading to a public disclosure of the incident.

“Citrix has taken action to contain this incident,” said Stan Black, CISO at Citrix. “We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI.”

While not confirmed, Black said the FBI has advised that the hackers likely used a tactic known as "password spraying", a technique that exploits weak passwords.

“Once they gained a foothold with limited access, they worked to circumvent additional layers of security,” said Black, via a company statement. “Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly.

“In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information.”

With the investigation still on ongoing, based on current information, Black acknowledged that the hackers “may have” accessed and downloaded business documents.

“The specific documents that may have been accessed, however, are currently unknown,” Black added. “At this time, there is no indication that the security of any Citrix product or service was compromised.

"Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities.”

CIO Australia


Suggested Articles

HKSTP has commenced construction of its on-site residential building InnoCell, and teamed up with the Construction Industry Council on AI and robotics

Over three in four Hong Kong CIOs are finding it difficult to source qualified IT professionals as a result of the city's ongoing IT skills shortage

HCL reportedly left employee passwords, customer project reports and other sensitive data exposed online with no authentication