Citrix says its network was breached by international criminals

FBI says hackers gained unauthorized access by exploiting weak passwords.1 min

The query window for username and password on a Web page can be seen on the monitor of a laptop.
Enlarge / The query window for username and password on a Web page can be seen on the monitor of a laptop.

Jens Büttner/Getty Images

Virtualization and software provider Citrix said its internal network was breached by international criminals who most likely exploited weak passwords to gain limited access before working to gain more privileged control.

The notice published Friday morning sent shockwaves through security circles because Citrix’s products and services are used by more than 400,000 organizations around the world, including 98 percent of the Fortune 500. Citrix is also widely used by governments and militaries. An intrusion by overseas hackers carries the risk of exposing technical information that could compromise the networks of customers.

Citrix said it still doesn’t know what specific data was stolen, but an initial investigation appears to show the attackers may have obtained business documents. For now, company officials said, there’s no indication that the security of any Citrix product or service was compromised. The company has commenced a forensic investigation and engaged a security firm to assist. Citrix has also taken unspecified actions to better secure it internal network.

Citrix said it was contacted by the FBI on Wednesday and that the bureau said it had reason to believe the Citrix network was breached.

“While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords,” Friday’s statement read. “Once they gained a foothold with limited access, they worked to circumvent additional layers of security.”

Friday’s advisory came the same day that NBC News, citing a firm called Resecurity, reported Iranian hackers stole at least 6 terabytes of data from Citrix over the past two months. Ars was unable to confirm that reporting, and in an interview, the Resecurity President Charles Yoo declined to provide details that would help outside researchers corroborate the report.

Citrix said its inquiry into the intrusion is “moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly.” Until more details are available, it’s too early to know the scope of the breach or its effect on customers.

Written by : Dan Goodin
Source :

Like it? Share with your friends!

Adem Balcı


Your email address will not be published.

Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Voting to make decisions or determine opinions
Formatted Text with Embeds and Visuals
The Classic Internet Listicles
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Upload your own images to make custom memes
Youtube, Vimeo or Vine Embeds
Soundcloud or Mixcloud Embeds
Photo or GIF
GIF format