Background

U.S. Multinational Software Company Had 6TB Of Data Stolen By Iranian-Backed Hackers

11/03/2019

The enterprise VPN provider Citrix has been hacked, and unauthorized individuals stole sensitive information about the company's technology.

The hackers are said to have accessed at least 6 terabytes of sensitive data stored in the company's enterprise network, including email correspondence, files in network shares and other services used for project management and procurement.

The breach was revealed when the FBI contacted Citrix about "international cyber criminals" breaking into the company's networks. The U.S. federal law enforcement agency told Citrix that the hackers likely broke in by successfully guessing the company's password using a tactic known as "password spraying."

"While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents," Citrix said in a notice.

"The specific documents that may have been accessed, however, are currently unknown."

The headquarters of Citrix Systems in Santa Clara, California

Back in 2018, cybersecurity firm Resecurity contacted Citrix, warning them about the breach.

It is said that the attackers were part of an Iranian-linked hacking group known as Iridium, which has targeted more than 200 organizations, including government agencies, oil and gas companies, and technology firms.

According to Resecurity president Charles Yoo, the hack was focused on assets related to NASA, aerospace contracts, Saudi Arabia's state oil company and the FBI.

Despite the hack, Citrix said that it didn't find any indication that the security of its products and services has been compromised. There is also no evidence that the attacks directly penetrated U.S. government networks.

But still, the data breach incident carries a potential risk that the hackers could eventually find their way into sensitive government networks, experts said.

Citrix Systems, Inc. is a U.S.-based multinational software company that provides server, application and desktop virtualization, networking, software as a service (SaaS), and cloud computing technologies.

The company claimed that its services have been used by over 400,000 clients worldwide, including 99 percent of the Fortune 100, and 98 percent of the Fortune 500.

For this reason, any security issue or breach could have wide-reaching consequences, especially if it affects Citrix's VPN technology. In corporate environments, VPNs are used as a gateway to prevent outside visitors, third parties and hackers from gaining remote access to a company's internal network.

"Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI," said the company in its notice.

"In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information," added Citrix CSIO Stan Black.

"Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities."