Software giant Citrix on Tuesday announced that it has completed its investigation into the data breach detected earlier this year.
The company has confirmed that hackers had access to its network between October 13, 2018, and March 8, 2019. They gained access by using a method known as password spraying, which involves attempts to access accounts with a few commonly used passwords.
On certain days during this period, the attackers stole business documents and other files from a shared network drive used by the company for storing current and historical documents. They also targeted a drive associated with a web-based tool used by Citrix’s consulting practice.
It’s also possible that the threat group behind the attack, which the FBI reportedly described as “international cyber criminals,” also accessed individual virtual drives and company email accounts of a “limited number of users.”
Some of the compromised files stored information on current and former employees, including their social security numbers and financial information. It’s unclear how many individuals have been impacted.
Citrix said it found no evidence that any of its products or cloud services were compromised, and the company is confident that the hackers did not identify or exploit any vulnerabilities in its products or services as part of the attack.
“As part of an extensive e-discovery process, experts are carefully reviewing documents and files that may have been accessed or were stolen in this incident. We have notified, or shortly will notify, the limited number of customers who may need to consider additional protective steps,” David Henshall, president and CEO of Citrix, said in a citrix completes investigation breach
