
Iranian hackers stole terabytes of data from Citrix

As Citrix reported on its blog, the FBI informed the company about hacker attacks on its internal IT resources.



Citrix launched an investigation and found that there was unauthorized access to internal documents.


The independent company Resecurity claims that Citrix was attacked by the Iranian hacker group Iridium. Resecurity experts report two cases of data being downloaded from the Citrix network. The first incident occurred on December 20, 2018, when about 6 TB of data was downloaded. The second incident happened on March 4 of this year, when the hackers managed to download about 10 TB of data.


All data stolen from Citrix (files on shared network resources, emails, etc.) is somehow related to projects at NASA, the FBI, as well as Saudi Aramco, the state-owned oil company of Saudi Arabia.


The total number of Citrix customers affected by the incidents is unknown.


Resecurity experts suggest that the hackers penetrated the Citrix network and entrenched themselves in it about 10 years ago.


An investigation by the FBI showed that, for initial access to the network, the hackers used a technique of trying known passwords in an attempt to get in under any account, and then escalated their privileges using some kind of proprietary two-factor authentication bypass technique.


The investigation is ongoing ...



Source: https://habr.com/ru/post/443200/

