Citrix Hacked By Foreign Criminals, Business Documents Possibly Downloaded

Citrix disclosed Friday that foreign cybercriminals hacked into its internal network and may have accessed and downloaded business documents.

The Santa Clara, Calif.-based software company said it was contacted by the FBI on Wednesday, who told them there was reason to believe there had been a successful cyberattack on the company's network, according to a blog post Friday from Stan Black, Citrix's chief security and information officer. It doesn't appear the security of any Citrix product or service was compromised, according to Black.

"It appears that the hackers may have accessed and downloaded business documents," Black wrote. "The specific documents that may have been accessed, however, are currently unknown."

[Related: 16 Hottest Network And Endpoint Security Products Unveiled At RSA San Francisco]

Citrix's stock closed Friday down $2.89 (2.51 percent) to $99.98 per share. That's the lowest closing price for Citrix's stock since Dec. 24, 2018.

The FBI advised Citrix that the hackers likely used a tactic known as password spraying, where the threat actor tries a single commonly used password against many accounts. If unsuccessful, additional common passwords will be tried until the accounts are accessed. Once the hackers gained a foothold with limited access, Black said they worked to circumvent additional layers of security.

Citrix took actions to re-secure its internal network and has commenced a forensic investigation into the breach, Black said. Specifically, the company is continuing to cooperate with the FBI and has engaged a outside cybersecurity firm to assist.

"Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly," Black said. "In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information."

The breach disclosure comes just three days after Citrix updated its SD-WAN offering to help enterprises to administer user-centric policies and connect branch employees to applications in the cloud with greater security and reliability. The product is intended to simplify branch networking by converging WAN edge capabilities and defining security zones to apply different policies for different users.