Citrix says hackers were inside its networks for nearly five months

Malicious actors spent months stealing personal and financial information from employees, contractors, job candidates, and even dependents


By Lyle Adriano

Nearly a year after it reported suffering a cyberattack, software company Citrix Systems has revealed that the hackers responsible were stealing data from its systems for nearly five months.

Within those five months, the cyber attackers made off with the personal and financial data of company employees, contractors, interns, job candidates and even their dependents. 

Citrix warned in a recent letter that the information taken may have included driver’s license numbers, passport numbers, financial account numbers, payment card numbers, and Social Security Numbers or other tax identification numbers. Limited health claims information – such as health insurance participant identification numbers and/or claims information – may have also been stolen by the hackers.

The Federal Bureau of Investigation first notified Citrix in March 2019 that it had reason to believe that hackers gained access to the company’s internal network, likely through a technique called “password spraying” – a brute force approach to accessing employee accounts by using common passwords.

A month after the alert, Citrix announced that it found that the hackers “may have accessed and downloaded business documents,” and that it was still in the process of identifying what was accessed or stolen.

Cybersecurity blog Krebs on Security reported that the company sent letters to affected individuals on February 10, 2020 that disclosed more details about the attack – almost a year after the initial report. According to the letters, the attackers “had intermittent access” to the company’s internal network between October 13, 2018 and March 08, 2019. The letters also said that there was no evidence that the cybercriminals responsible remain in Citrix’s systems.

Krebs on Security added that it is currently unclear how many people received Citrix’s letter.

Last year, security company Resecurity claimed that it had evidence that suggested that Iranian hackers were responsible for the Citrix hack. The firm also claimed that the hackers had been in Citrix’s network for years, and had managed to offload terabytes worth of data. Resecurity said that it had notified Citrix of the breach as early as December 28, 2018.
