On March 8, Citrix disclosed that international cyber criminals had gained access to the internal Citrix network.

We are devoting significant resources to manage this incident with painstaking deliberateness and thoroughness. We have brought on board multiple leading cyber security firms to assist our internal team with the work, and we continue to be engaged with the FBI.

Based on where we are in the investigation at this point:

  • We identified password spraying, a technique that exploits weak passwords, as the likely method by which the threat actors entered our network.
  • We have taken measures to expel the threat actors from our systems. Additionally, we’ve performed a forced password reset throughout the Citrix corporate network and improved internal password management protocols.
  • We have found no indication that the threat actors discovered and exploited any vulnerabilities in our products or services to gain entry.
  • Based upon the investigation to date, there is no indication that the security of any Citrix product or service was compromised by the threat actors.

Our investigation is ongoing, and it is a complex and dynamic process. We are committed to providing updates as soon as we have meaningful and accurate information to share.

We also want to share information with our customers, including lessons learned and best practices that can help them protect their own systems. To this end, Hector Lima, Senior Vice President Worldwide Customer Success, begins today with a series of blogs outlining best practices to follow in the implementation of Citrix technology. His first blog focuses on multi-factor authentication.

We will continue to provide updates on the incident as we learn more credible and actionable information with the understanding that it is difficult to predict how long an investigation like this will take. We are going to continue to follow all indicators of suspicious activity to ensure we have thoroughly addressed this incident.