Original Release Date: 3/18/2019
Citrix was recently contacted by the FBI about an internal network breach involving business documents, potentially exposing customer data. The Iranian-linked group IRIDIUM has attacked more than 200 government agencies, oil and gas firms, and technology companies in the past. This targeted network intrusion, allegedly by the same group, was planned and organized, and likely used password spraying, a technique that exploits weak passwords across a large number of accounts and ultimately bypasses additional layers of security. As this breach is still under investigation, the specific documents are currently unknown, and there is no indication of compromise to Citrix products and services at the time of this writing.
The NJCCIC recommends using strong and unique passwords, using multi-factor authentication where available, and monitoring accounts and systems. We also encourage users to review Cybersecurity Best Practices for more information on how to keep their accounts and data safe. More information about the Citrix breach can be found in Citrix's blog post and Forbes' blog post.
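As an illustration of the account monitoring recommended above, the following added example (not from the NJCCIC advisory or Citrix) flags the pattern password spraying leaves in authentication logs: one source failing against many distinct accounts with only a few attempts on each. The log format, the sample lines, the function names and the thresholds are all assumptions made for this example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2019-03-18T09:00:01 203.0.113.7 alice FAIL
2019-03-18T09:00:40 203.0.113.7 bob FAIL
2019-03-18T09:01:15 203.0.113.7 carol FAIL
2019-03-18T09:02:02 203.0.113.7 dave FAIL
2019-03-18T09:02:50 203.0.113.7 erin FAIL
2019-03-18T09:03:31 203.0.113.7 frank OK
2019-03-18T09:04:10 203.0.113.7 grace FAIL
2019-03-18T09:05:00 198.51.100.20 bob FAIL
2019-03-18T09:05:02 198.51.100.20 bob FAIL
2019-03-18T09:05:04 198.51.100.20 bob FAIL
2019-03-18T09:05:06 198.51.100.20 bob FAIL
2019-03-18T09:10:00 192.0.2.15 carol FAIL
2019-03-18T09:10:20 192.0.2.15 carol OK
"""

def parse(log):
    """Yield (timestamp, source, account, result) from each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, user, result = line.split()
            yield datetime.fromisoformat(ts), src, user, result

def detect_spray(log, window=timedelta(minutes=30), min_accounts=5, max_per_account=3):
    """Flag sources failing against many accounts, few tries each (assumed thresholds)."""
    by_src = defaultdict(list)
    for ts, src, user, result in parse(log):
        by_src[src].append((ts, user, result))
    findings = {}
    for src, evs in by_src.items():
        evs.sort()
        fails = [(ts, user) for ts, user, res in evs if res == "FAIL"]
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:  # slide window forward
                start += 1
            counts = Counter(user for _, user in fails[start:end + 1])
            if len(counts) < min_accounts or max(counts.values()) > max_per_account:
                continue  # too few accounts, or hammering one account (brute force)
            if len(counts) > findings.get(src, {"accounts": 0})["accounts"]:
                # Successes since the window opened are the accounts to triage first.
                since = fails[start][0]
                hits = sorted({u for ts, u, r in evs if r == "OK" and ts >= since})
                findings[src] = {"accounts": len(counts), "succeeded": hits}
    return findings
```

On the sample data only 203.0.113.7 is reported; the repeated failures against a single account and the one-off mistyped login stay below the distinct-account threshold.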