New cybersecurity incident Citrix data breach – Iranian hackers steal 6TB of sensitive data

Terrible news for today! It seems that hackers have once again managed to penetrate another IT system.
This time the affected company was Citrix, the popular enterprise software vendor.

For those who don’t know, Citrix provides services to the U.S. military, the FBI, many U.S. corporations, and various U.S. government agencies, which is why this massive data breach has such a wide impact.

The breach was first found by FBI cybersecurity specialists, who immediately notified Citrix that foreign hackers had compromised its IT systems and were stealing sensitive data.
The same FBI specialists believe that the hackers used a “password spraying” attack: rather than hammering one account with many passwords, the attackers tried a few weak passwords against many accounts, guessed some correctly, and used that initial access to the company’s network to launch more extensive attacks.
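The defensive counterpart to the technique described above is spotting the spray in authentication logs: many distinct accounts failing from one source, each tried only once or twice so that per-account lockouts never fire. The following detector is an added example, not code from the article or from Citrix or the FBI; the log format, field names and IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (not from the article). The first
# source tries one password against six accounts; the second is an ordinary
# user mistyping their own password twice before succeeding.
SAMPLE_LOG = """\
2019-03-01T10:00:01Z auth FAIL user=alice src=203.0.113.7
2019-03-01T10:00:02Z auth FAIL user=bob src=203.0.113.7
2019-03-01T10:00:03Z auth FAIL user=carol src=203.0.113.7
2019-03-01T10:00:04Z auth FAIL user=dave src=203.0.113.7
2019-03-01T10:00:05Z auth FAIL user=erin src=203.0.113.7
2019-03-01T10:00:06Z auth OK user=frank src=203.0.113.7
2019-03-01T10:01:00Z auth FAIL user=alice src=198.51.100.9
2019-03-01T10:01:05Z auth FAIL user=alice src=198.51.100.9
2019-03-01T10:01:09Z auth OK user=alice src=198.51.100.9
"""

# Hypothetical log layout assumed for this example.
LINE_RE = re.compile(r"auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)")


def find_spray_sources(log_text, min_users=5, max_per_user=2):
    """Return {src: details} for sources whose failures are spread across at
    least `min_users` accounts with no account tried more than `max_per_user`
    times. That low per-account count is what lets a spray slip under lockout
    thresholds, and it is also what distinguishes it from a brute force."""
    fails = defaultdict(lambda: defaultdict(int))  # src -> user -> failures
    successes = defaultdict(set)                   # src -> users that logged in
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that do not match the expected layout
        src, user, result = m["src"], m["user"], m["result"]
        if result == "FAIL":
            fails[src][user] += 1
        else:
            successes[src].add(user)
    findings = {}
    for src, per_user in fails.items():
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            findings[src] = {
                "users_tried": len(per_user),
                "total_failures": sum(per_user.values()),
                # A success from a spraying source is the signal to act on first.
                "successes_after_spray": sorted(successes.get(src, ())),
            }
    return findings


if __name__ == "__main__":
    for src, info in find_spray_sources(SAMPLE_LOG).items():
        print(f"possible password spray from {src}: {info}")
```

Real deployments key on more than source IP (sprays are often spread across many addresses), but the shape of the signal, breadth across accounts with shallow depth per account, stays the same.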

At this time Citrix has chosen not to disclose many details about the breach, saying only that it was a “targeted attack and data breach.”
Third-party cybersecurity researchers found that the Iranian hacker group known as IRIDIUM is responsible for the hit on Citrix in December, and that it apparently managed to steal at least 6 terabytes of sensitive internal files, including emails, blueprints, and other documents.

Remember, everything can be hacked. To stay away from threats in the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, we also recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.

Hacker group history:
IRIDIUM is a well-known Iranian hacking group that was also behind recent cyber attacks against more than 200 government agencies worldwide, oil and gas companies, technology companies and other targets.
IRIDIUM uses techniques such as bypassing multi-factor authentication on critical applications and services to gain further unauthorized access to VPN channels and SSO.

Researchers also say that this massive data breach is part of a sophisticated cyber espionage campaign supported by a nation-state. They also found that the hackers leveraged a combination of tools, techniques, and procedures (TTPs) that allowed them to conduct a targeted network intrusion into the Citrix enterprise network.
Based on these findings, there is now strong speculation that IRIDIUM broke into Citrix’s internal network about 10 years ago and has been lurking inside the company’s systems ever since.

This new breach is very similar to the OPM breach, and the consequences of the Citrix security incident could affect a broader range of targets, as the company holds sensitive data on other companies, including critical infrastructure, and on government agencies.

We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; such tests include penetration testing and ethical hacking.