[BreachExchange] Hacker went undetected in Citrix's internal network for six months

[Destry Winant]

https://techcrunch.com/2019/04/30/citrix-internal-network-breach/

Hackers gained access to technology giant Citrix’s networks six months
before they were discovered, the company has confirmed.

In a letter to California’s attorney general, the virtualization and
security software maker said the hackers had “intermittent access” to
its internal network from October 13, 2018 until March 8, 2019, two
days after the FBI alerted the company to the breach.

Citrix said the hackers “removed files from our systems, which may
have included files containing information about our current and
former employees and, in limited cases, information about
beneficiaries and/or dependents.”

Initially the company said hackers stole business documents. Now it’s
saying the stolen information may have included names, Social Security
numbers and financial information.

Citrix said in a later update on April 4 that the attack was likely a
result of password spraying, which attackers use to breach accounts by
brute-forcing from a list of commonly used passwords that aren’t
protected with two-factor authentication.

We asked Citrix how many staff were sent data-breach notification
letters, but a spokesperson did not immediately comment.

Under California law, the authorities must be informed of a breach if
more than 500 state residents are involved.