Iran TerrorismCyberattack on Software Giant Citrix Attributed to Iranian Hackers

Cyberattack on Software Giant Citrix Attributed to Iranian Hackers

-

Cyberattack on Software Giant Citrix

By Mehdi

On March 6th Citrix was informed by the FBI that its systems had been breached by “international cyber criminals.” Last Friday, the company revealed that its internal network had been breached and the attackers may have stolen business documents.

Citrix has launched a forensic investigation and it has taken action to secure its network. So far, the investigation suggests that the business documents were accessed and downloaded, but has yet to determine exactly which documents might have been stolen.

The company claims that there is no evidence that the attack compromised the security of its products or services.

Citrix CISO Stan Black stated, “While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.”

Resecurity, a cybersecurity firm, claims that the attack was carried out by the Iran-linked group IRIDIUM, reported to have hit over 200 organizations, including government agencies, tech firms, and oil and gas companies. In a blog post, Resecurity said that it had alerted Citrix of an attack on December 28th. They believe that at least 6 terabytes of data were stolen from Citrix, including emails and files associated with project management and procurement.

“The incident has been identified as a part of a sophisticated cyberespionage campaign supported by nation-state due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of economy,” Resecurity said in a blog post. “The arsenal of IRIDIUM includes proprietary techniques allowing to bypass 2FA authorization for critical applications and services for further unauthorized access to VPN (Virtual Private Networks) channels and SSO (Single Sign-On),” the firm added.

Representatives of Resecurity told NBC News that the attackers may have been lurking inside Citrix’s network for the past 10 years.

The Wall Street Journal recently ran an article on attacks carried out by Iranian hackers. It cited Resecurity saying that Citrix had been hit by Iranian hackers. However, a statement that Citrix provided to WSJ claimed that a single employee account was compromised in 2018 and that the hacker only gained access to an old version of a list containing Citrix employee contact information. Citrix also claimed that it had found no evidence that any other accounts had been compromised or that the attack may have been the work of a state-sponsored actor.

Resecurity’s claims that Iran was behind the attack have also been called into question by cybersecurity experts.

Regarding the recent attack on Australia’s political parties and parliament, Resecurity stated that is was the work of Iranian hackers. The Australian government has not accused anyone, but it did say the attack was apparently carried out by a “sophisticated state actor.” Sources close to the investigation told The Sydney Morning Herald that the prime suspect was actually China.

While Kaspersky Lab’s Costin Raiu pointed out inconsistencies in Resecurity’s claims — like the hackers having access to Citrix systems for the past ten years — he also told NBC News that Citrix came under attack twice, once in December and “again on Monday.”

In 2015 Citrix had a breach, but the company claimed that no customer or corporate data had been accessed by the hacker.

Latest news

Iran’s Negative Economic Growth: From Statistical Manipulation to the Collapse of Investment

When the gap between official figures and reality becomes too wide, the economic crisis is no longer confined to...

Iraq Sets September 30 as Deadline for Disarmament of Iranian Regime-Backed Militia Groups

Iraqi government spokesperson Haider al-Aboudi announced on Monday, June 29, that the government has given Shiite armed groups backed...

Escalating Iran-US Conflict Cuts Strait of Hormuz Traffic, Lifts Oil Prices

Oil Prices Rise and Ship Traffic Through the Strait of Hormuz Declines Following Tensions Between Iran and the United...

The ‘No To Executions Tuesdays’ campaign has entered its 127th week

The campaign “No to Executions Tuesdays,” a prisoner-led protest against executions held across multiple prisons in Iran, entered its...

Sixty-two Members of the Iranian Regime’s Assembly of Experts Call for Keeping the Strait of Hormuz Closed

As signs of divisions and rivalry at the highest levels of the Iranian regime have become increasingly apparent, 62...

Workers and Retirees in Iran Once Again Protest Over Living Conditions

Retirees and workers held protest gatherings and marches in several cities across Iran on Sunday, June 28, once again...

Must read

71 Iranians Summoned to Court Over July Protests

Some 71 Iranians were summoned to the Public and...

Trump Criticises French President for Sending “Mixed Signals” to Iran

By Jubin Katiraie Tensions between the United States and...

You might also likeRELATED
Recommended to you