According to an announcement by the head of data security, Stan Black, the company was first informed of the attack by the FBI on March 6, when it was found that the attackers had access to "business documents."
The announcement did not say when the attackers gained access to the company's network, nor for how long they had it.
If you are a Citrix customer, in addition to the loss of some data, there are two other issues that should worry you: first, that attackers were able to bypass the 'extra layers of security' at a major technology company, and second, that the company did not even discover the incident until the FBI contacted it.
In a blog post, a notorious company, Resecurity, reported that an Iranian group known as Iridium had stolen "at least" 6TB of sensitive data from Citrix, along with emails and records data.
Separately, NBC News reported that it had spoken to Resecurity chairman Charles Yoo, who told it that the attackers had accessed the Citrix network using two employee accounts that they had compromised.
Resecurity's allegations have not been substantiated, so they should be treated with some caution until further evidence is released. At this point, however, Citrix has not denied them.
For Citrix customers and the broader business, the importance of this story lies in the data. For example, Resecurity claims that the attackers discovered two-factor authentication (2FA) techniques for "critical applications and services for further unauthorized access to Virtual Private Networks (VPN) and SSO (Single Sign-On)."
If that is correct, how serious it is depends on the form of 2FA involved. If the one-time passwords (OTPs) are sent by SMS or generated by an application, it may be related to the numerous compromises reported in recent months.