Iranian-backed hackers stole data from major U.S. government contractor
#1
The hackers are believed to have penetrated the software giant Citrix years ago and have remained inside the company's computer network ever since.
Iranian-backed hackers have stolen vast amounts of data from a major software company that handles sensitive computer projects for the White House communications agency, the U.S. military, the FBI and many American corporations, a cybersecurity firm told NBC News.

Citrix Systems Inc. came under attack twice, once in December and again Monday, according to Resecurity, which notified the firm and law enforcement authorities.

Employing brute force attacks that guess passwords, the assault was carried out by the Iranian-linked hacking group known as Iridium, which was also behind recent cyberattacks against numerous government agencies, oil and gas companies and other targets, Charles Yoo, Resecurity's president, said.

The hackers extracted at least six terabytes of data and possibly up to 10 terabytes in the assault on Citrix, Yoo said. The attackers gained access to Citrix through several compromised employee accounts, he said.

"So it's a pretty deep intrusion, with multiple employee compromises and remote access to internal resources," he said.
While there is no evidence the attacks directly penetrated U.S. government networks, the breach carries a potential risk that the hackers could eventually find their way into sensitive government networks, experts said.
Citrix issued a statement Friday saying the FBI had informed the company Wednesday that it had come under attack from "international cybercriminals" and that it was taking action "to contain this incident."
"While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents," it said.
"At this time, there is no indication that the security of any Citrix product or service was compromised."
The company did not specify over what time period it had come under the cyberattack, how many employee accounts may have been compromised or other details. Citrix's statement came in response to an NBC News request for comment late Thursday.
"Citrix deeply regrets the impact this incident may have on affected customers," it said.
The FBI declined comment.
Resecurity informed Citrix executives of the first cyberattack in a Dec. 28 email, Yoo said.
An analysis of the cyberattack indicated the hackers were focused in particular on FBI-related projects, NASA and aerospace contracts and work with Saudi Aramco, Saudi Arabia's state oil company, according to Yoo.
Yoo said his firm, which has been tracking the Iranian-linked group for years, has reason to believe that Iridium broke its way into Citrix's network about 10 years ago, and has been lurking inside the company's system ever since.
"Once an attacker goes into an environment and compromises one account, that's just the first stage. And what we uncovered and through our own analysis is a very sophisticated campaign," he said.
  

