Security News > 2020 > February > Hackers Were Inside Citrix for Five Months

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents.

The FBI told Citrix the hackers likely got in using a technique called "Password spraying," a relatively crude but remarkably effective attack that attempts to access a large number of employee accounts using just a handful of common passwords.

Citrix said the information taken by the intruders may have included Social Security Numbers or other tax identification numbers, driver's license numbers, passport numbers, financial account numbers, payment card numbers, and/or limited health claims information, such as health insurance participant identification number and/or claims information relating to date of service and provider name.

Shortly after Citrix initially disclosed the intrusion in March 2019, a little-known security company Resecurity claimed it had evidence Iranian hackers were responsible, had been in Citrix's network for years, and had offloaded terabytes of data.

A report released this week by security firm ClearSky details how Iran's government-backed hacking units have been busy exploiting security holes in popular VPN products from Citrix and a number of other software firms.

News URL

https://krebsonsecurity.com/2020/02/hackers-were-inside-citrix-for-five-months/