W0rm has previously offered to sell stolen data from the Wall Street Journal, BBC, Adobe, Vice and CNET, but also runs legitimate penetration testing, putting it somewhere between a blackhat and whitehat hacker. It claims to have undertaken the Citrix hack for altruistic reasons, using its powers to expose the security flaws of big networks.
The hack took place in October and was exposed by security firm Cyberint in Israel, but Elad-Ben Meir, Cyberint’s vice president of marketing, told SC Magazine that Citrix failed to respond to repeated attempts to notify it. The hackers themselves also tweeted Citrix with a link to their blog post (in Russian) and received no response.
The group was able to exploit a series of security holes to gain access to the company’s administrative system, including the remote assistance system, potentially giving it remote access to thousands of customers’ endpoints.
Those endpoints could then be used to steal sensitive information or be hijacked into a botnet to run DDoS attacks.
‘The truly disturbing thing about this incident is that it shows how easily even very reputable external IT contractors, on whom companies rely to protect their data in the cloud, are vulnerable,’ said Meir.
Tony Pepper, CEO of security specialist Egress Software, said the incident prompts questions about organisations’ ability to effectively deploy information security measures across their business.