Stan Black, chief security and information officer at Citrix, has said the company was informed by the FBI on Wednesday that international cyber hackers may have accessed and downloaded documents through a tactic that uses weak passwords called password spraying.
Black wrote in a blog post published Friday that Citrix has launched a forensic investigation, sought the help of a cybersecurity firm and initiated actions to protect its internal network in response to the incident.
“The specific documents that may have been accessed, however, are currently unknown,” Black noted.
“At this time, there is no indication that the security of any Citrix product or service was compromised.”
NBC News reported Saturday that a group of Iranian-backed threat actors called Iridium was behind the breach, stealing over six terabytes of data using compromised employee accounts.
Cyber firm Resecurity told the publication the company initially detected in December the cyber attack, which was followed by another one on Monday.
Charles Yoo, president of Resecurity, said Iridium was also linked to other breaches targeting government agencies and oil and gas firms.