Iranian-backed hackers stole data from major U.S. government contractor [Citrix]

hawki · Mar 8, 2019

"Iranian-backed hackers stole data from major U.S. government contractor

The hackers are believed to have penetrated the software giant Citrix years ago and have remained inside the company's computer network ever since.

Iranian-backed hackers have stolen vast amounts of data from a major software company that handles sensitive computer projects for the White House communications agency, the U.S. military, the F.B.I. and many American corporations, a cybersecurity firm...

Employing brute force attacks that guess passwords, the assault was carried out by the Iranian-linked hacking group known as Iridium,...

The hackers extracted at least six terabytes of data and possibly up to 10 terabytes in the assault on Citrix...

... the breach carries a potential risk that the hackers could eventually find their way into sensitive government networks,...

Citrix sells workplace software to government agencies and corporations around the world that allow employees to work remotely...

The breach of Citrix's computer network gave the hackers access to private communication with government agencies about various sensitive IT projects involving the FBI, the Missile Defense Agency, the Defense Logistics Agency, the White House communications agency, the Defense Information Systems Agency (DISA) and others..."

https://www.nbcnews.com/politics/na...-data-major-u-s-government-contractor-n980986

guest · Apr 30, 2019

Hackers went undetected in Citrix’s internal network for six months
April 30, 2019
https://techcrunch.com/2019/04/30/citrix-internal-network-breach/

Hackers gained access to technology giant Citrix’s networks six months before they were discovered, the company has confirmed.

In a letter to California’s attorney general, the virtualization and security software maker said the hackers had “intermittent access” to its internal network from October 13, 2018 until March 8, 2019, two days after the FBI alerted the company to the breach.
Citrix said the hackers “removed files from our systems, which may have included files containing information about our current and former employees and, in limited cases, information about beneficiaries and/or dependents.”

Initially the company said hackers stole business documents. Now it’s saying the stolen information may have included names, Social Security numbers and financial information.
Click to expand...

ronjor · May 2, 2019

We dunno what's worse: Hackers ransacked Citrix for FIVE months, or that Equifax was picked to help mop up the mess

By Iain Thomson in San Francisco 2 May 2019
Hardly reassuring on any level
Click to expand...

guest · May 31, 2019

Citrix Sued For Not Securing Employee Info Before Data Breach
May 31, 2019
https://www.bleepingcomputer.com/ne...ot-securing-employee-info-before-data-breach/

A class action complaint was filed by an ex-employee of Citrix for damages suffered following the security breach which allowed hackers to access Citrix's internal assets for roughly six months and to steal sensitive personal information of both current and former employees.

She further states that the class action complaint was brought against the company because it failed to both protect their PII data after collecting as an employment condition and for not informing its employees in a timely fashion of what data was stolen in the data breach.
According to the class action complaint filed with the U.S. District Court Southern District of Florida, the causes of action are negligence, violations of the Florida Unfair and Deceptive Trade Practices Act, breach of implied contract, breach of fiduciary duty, and breach of confidence.
Click to expand...

guest · Jul 22, 2019

Citrix hack caused by weak passwords, lax infosec
July 22, 2019
https://www.crn.com.au/news/citrix-hack-caused-by-weak-passwords-lax-infosec-528544

Citrix has now wrapped up its own investigation into the breach with help from FireEye.
A blog post detailing the investigation confirmed that the cybercrims gained access to Citrix’ network with a "password spraying" effort that tried multiple passwords for a distinct user name.

Since the breach, Citrix has performed a global password reset, improved internal password management and strengthened password protocols. Citrix also deployed endpoint agent technology from FireEye across its systems.
[...] password spraying is an old and well-understood form of attack that is often combated with the simple precaution of limiting the number of login attempts that will be accepted over a set period. For Citrix not to have such controls in place is a long way short of known best practice.
Click to expand...

guest · Feb 19, 2020

Hackers Were Inside Citrix for Five Months
February 19, 2020
https://krebsonsecurity.com/2020/02/hackers-were-inside-citrix-for-five-months/

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.

In a statement released at the time, Citrix said it appeared hackers “may have accessed and downloaded business documents,” and that it was still working to identify what precisely was accessed or stolen.
But in a letter sent to affected individuals dated Feb. 10, 2020, Citrix disclosed additional details about the incident. According to the letter, the attackers “had intermittent access” to Citrix’s internal network between Oct. 13, 2018 and Mar. 8, 2019, and that there was no evidence that the cybercrooks still remain in the company’s systems.
Click to expand...

guest · Jan 28, 2021

Citrix's $2.3 million settlement offer for employees impacted by data breach approved
Hackers lurked undetected in company systems for five months.
January 28, 2021
https://www.zdnet.com/article/citri...lement-for-employees-impacted-by-data-breach/

Citrix employees impacted by a data breach that resulted in the theft of their data have secured a $2.275 million settlement.

The settlement, first agreed in June 2020, has now met with the approval of Judge Ron Altman, as reported by Bloomberg Law.
This week, the judge issued preliminary approval for the settlement figure in the US District Court for the Southern District of Florida.
Click to expand...

Log in or Sign up

Iranian-backed hackers stole data from major U.S. government contractor [Citrix]

hawki Registered Member

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

guest Guest

guest Guest

Log in or Sign up

Iranian-backed hackers stole data from major U.S. government contractor [Citrix]

hawki Registered Member

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

guest Guest

guest Guest

Useful Searches