Citrix was contacted by the FBI recently about an internal network breach involving business documents potentially exposing customer data. The Iranian-linked group, IRIDIUM, has attacked more than 200 government agencies, oil and gas firms, and technology companies in the past. This targeted network intrusion, allegedly by the same group, was planned and organized with a likely used tactic of password spraying, which is a technique of exploiting weak passwords for a large number of accounts and ultimately bypassing additional layers of security. As this breach is still under investigation, the specific documents are currently unknown and there is no indication of compromise to Citrix products and services at the time of this writing. The NJCCIC recommends using strong and unique passwords, using multi-factor authentication where available, and monitoring accounts and systems. We also encourage users to review Cybersecurity Best Practices here for more information on how to keep their accounts and data safe. More information about the Citrix breach can be found in their blog post here and Forbes’ blog post here.