Cloud service, VoIP and remote management software provider Citrix has reportedly been hit by an Iranian-linked hacker group. A little less than a week ago, Citrix posted a notice on their website saying the FBI believed "international cyber criminals gained access to the internal Citrix network." The press release wasn't particularly alarming, as it says that "there is no indication that the security of any Citrix product or service was compromised" even though hackers "may have accessed and downloaded business documents."
However, a separate report from the cyber security firm Resecurity claims that the Iranian hacker group IRIDIUM was behind the attack, and that they had access to "6 terabytes of sensitive data stored in the Citrix enterprise network, including e-mail correspondence, files in network shares and other services used for project management and procurement." Even more worryingly, the security firm says they warned Citrix on December 28, 2018, but as far as I can tell, the company hasn't posted a public response until today. Citrix was reportedly the victim of a password spraying attack, where a small pool of commonly used passwords is used to brute force a large number of accounts, and Resecurity seems to think this attack is a small component of a larger campaign.
The Iranian-linked group known as IRIDIUM has hit more than 200 government agencies, oil and gas companies and technology companies including Citrix Systems, Inc... Friday, December 28, 2018 at 10:25 AM - Resecurity reached out to Citrix and shared an early warning notification about a targeted attack and data breach. Based on the timing and further dynamics, the attack was planned and organized specifically during Christmas period. The incident has been identified as a part of a sophisticated cyberespionage campaign supported by nation-state due to strong targeting against government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of economy... We forecast a continued growth of targeted cyber-attacks on supply chains of government and large enterprises organized by state-actors and sophisticated cyberespionage groups.