Iranian hackers steal terabytes of data from Citrix

According to a post on the Citrix blog, the FBI informed the company about an attack by hackers on its internal IT resources.



Citrix launched an investigation and found that there was unauthorized access to internal documents.


The independent company Resecurity claims that Citrix was attacked by the Iranian hacker group Iridium. Resecurity experts claim there were two cases of data being downloaded from the Citrix network. The first incident occurred on December 20, 2018, when about 6 TB of data was downloaded. The second incident happened on March 4 of this year, when the hackers managed to download about 10 TB of data.


All data stolen from Citrix (files on shared network resources, emails, etc.) is somehow connected with projects at NASA, the FBI, and also at Saudi Aramco, the state oil company of Saudi Arabia.


The total number of Citrix customers affected by these incidents is not yet known.


Resecurity experts suggest that hackers infiltrated and entrenched themselves in the Citrix network about 10 years ago.


An FBI investigation showed that to gain initial access to the network, the hackers used the technique of trying known passwords in an attempt to get in under any account, and then increased their privileges using some proprietary technique for circumventing two-factor authentication.


The investigation is ongoing ...

