Sensitive data leakage in Citrix
Citrix has reported that on March 6, 2019, the FBI contacted them to warn them that they had reason to believe that international cybercriminals had accessed their internal network.
The security breach, caused by Iranian cyber-criminals, has made it possible to reveal 6 TB of sensitive information from different customers. The FBI considers that a technique known as password spraying has been used, a type of brute force attack in which a small number of commonly used passwords are checked against multiple users.
Citrix is committed to updating customers with more information as the investigation progresses, and to continuing to work with the relevant authorities.
References:
- 08/03/2019 citrix.com Citrix investigating unauthorized access to internal network
- 08/03/2019 theregister.co.uk Iranian-backed hackers ransacked Citrix, swiped 6TB+ of emails, docs, secrets, claims cyber-biz
- 08/03/2019 cyberscoop.com Citrix says FBI investigating network breach by 'international cyber criminals'
- 11/03/2019 unaaldia.hispasec.com Brecha de seguridad en Citrix expone 6TB de información sensible