On March 6th 2019, the FBI contacted Citrix to advise they had reason to believe that international cyber criminals gained access to the internal Citrix network.
Citrix has taken action to contain this incident. They commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure the internal network; and continue to cooperate with the FBI.
Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly. In investigations of cyber incidents, the details matter, and they are committed to communicating appropriately when they have what they believe is credible and actionable information.
While the investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents. The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.
While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.
Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.