Networking software company Citrix Systems Inc said on Friday it has taken action to fix incident involving unauthorized access to its internal network.
The company said it was contacted by the FBI on March 6, 2019, to advise they had reason to believe that international cyber criminals gained access to the Citrix network.
Citrix commenced a forensic investigation; engaged cyber security firm to assist; took actions to secure our internal network; and continues to work with the FBI.
"In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information," Citrix said.
Based on what Citrix knows to date, it appears that the hackers may have accessed and downloaded business documents. The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.
The FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.