{"id":25992,"date":"2019-03-08T19:11:39","date_gmt":"2019-03-08T19:11:39","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/"},"modified":"2019-03-08T19:11:39","modified_gmt":"2019-03-08T19:11:39","slug":"iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/","title":{"rendered":"Iranian hackers ransack Citrix, make off with 6TB+ of emails, biz docs, internal secrets"},"content":{"rendered":"<p><strong class=\"trailer\">Updated<\/strong> Citrix today warned its customers that foreign hackers romped through its internal company network and stole corporate secrets.<\/p>\n<p>The enterprise software giant \u2013 which services businesses, the American military, and various US government agencies \u2013 said it was told by the FBI on Wednesday that miscreants had accessed Citrix&#8217;s IT systems and exfiltrated a significant amount of data.<\/p>\n<p>According to infosec firm Resecurity, which had earlier alerted the Feds and Citrix to the cyber-intrusion, at least <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/resecurity.com\/blog\/supply-chain-the-major-target-of-cyberespionage-groups\/\">six terabytes of sensitive internal files<\/a> were swiped from the US corporation by the Iranian-backed IRIDIUM hacker gang. The spies hit in December, and Monday this week, we&#8217;re told, lifting emails, blueprints, and other documents, after bypassing multi-factor login systems and slipping into Citrix&#8217;s VPNs.<\/p>\n<p>&#8220;The incident has been identified as a part of a sophisticated cyberespionage campaign supported by nation-state due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of economy,&#8221; Team Resecurity said in a statement earlier today.<\/p>\n<p>&#8220;Based our recent analysis, the threat actors leveraged a combination of tools, techniques and procedures, allowing them to conduct targeted network intrusion to access at least six terabytes of sensitive data stored in the Citrix enterprise network, including email correspondence, files in network shares, and other services used for project management and procurement.&#8221;<\/p>\n<p>LA-based Resecurity added that IRIDIUM &#8220;has hit more than 200 government agencies, oil and gas companies, and technology companies including Citrix.&#8221;<\/p>\n<p>Resecurity also said it warned Citrix on December 28 that the software giant had been turned over by the hacker crew during the Christmas period. Citrix, meanwhile, said it took action \u2013 launching an internal probe and securing its networks \u2013 after hearing from the FBI earlier this week.<\/p>\n<h3 class=\"crosshead\"><span>Ongoing<\/span><\/h3>\n<p>Earlier today, Citrix chief information security officer Stan Black gave <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.citrix.com\/blogs\/2019\/03\/08\/citrix-investigating-unauthorized-access-to-internal-network\/\">his company&#8217;s side of the story<\/a>. He said that, as of right now, Citrix does not know exactly which documents the hackers obtained nor how they got in \u2013 the FBI thinks it was by brute-forcing weak passwords \u2013 nor for how long they may have been camping on the corporate network.<\/p>\n<p>&#8220;While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents,&#8221; Black said. &#8220;The specific documents that may have been accessed, however, are currently unknown.&#8221;<\/p>\n<p>At this point, Citrix reckons the intrusion was limited to its corporate network, and thus believes customer records and data were not stolen nor touched.<\/p>\n<p>Beyond that, however, it&#8217;s anyone&#8217;s guess as to what exactly the hackers may have lifted. As a massive provider of remote management, networking, and videoconferencing products, Citrix has an extremely large portfolio spread across a number of sectors in the enterprise IT market. Its customers include the White House and the FBI, though it&#8217;s not known at the moment whether the hack involved or menaced Uncle Sam&#8217;s operations directly.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2016\/03\/10\/password_648x429.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"citrix\"><\/p>\n<h2 title=\"No reason to panic, apparently: Redoing login details to become a regular thing\">Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2018\/12\/04\/password_change_for_sharefile\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>As the investigation is in its extremely early phases, Citrix said it will provide customers with regular updates as it gets more details. For now, Citrix said it is planning to cooperate fully with the FBI probe, and has also brought in an outside security firm to help investigate the intrusion and make sure that hackers will not be able to get back in to the network.<\/p>\n<p>&#8220;Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly,&#8221; Black said.<\/p>\n<p>&#8220;In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information.&#8221; \u00ae<\/p>\n<p><em><strong>Editor&#8217;s note:<\/strong> This story was revised after publication to include Resecurity&#8217;s version of events. A spokesperson for Citrix confirmed &#8220;Stan\u2019s blog refers to the same incident&#8221; described by Resecurity, adding: &#8220;We have no further comment at this time, but as promised, we will provide updates when we have what we believe is credible and actionable information.&#8221; Resecurity declined to comment further.<\/em><\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1810\/-7146\/top-5-threat-hunting-myths?td=wptl1810\">Top 5 Threat Hunting Myths<\/a><\/p>\n<p>READ MORE <a href=\"http:\/\/go.theregister.com\/feed\/www.theregister.co.uk\/2019\/03\/08\/citrix_hacked_data_stolen\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Remote-desktop giant &#8216;among more than 200 govt agencies, oil, gas, tech corps&#8217; hit by cyber-gang Updated\u00a0 Citrix today warned its customers that foreign hackers romped through its internal company network and stole corporate secrets.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":25993,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-25992","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Iranian hackers ransack Citrix, make off with 6TB+ of emails, biz docs, internal secrets 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Iranian hackers ransack Citrix, make off with 6TB+ of emails, biz docs, internal secrets 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-03-08T19:11:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/03\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Iranian hackers ransack Citrix, make off with 6TB+ of emails, biz docs, internal secrets\",\"datePublished\":\"2019-03-08T19:11:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\\\/\"},\"wordCount\":701,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\\\/\",\"name\":\"Iranian hackers ransack Citrix, make off with 6TB+ of emails, biz docs, internal secrets 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets.jpg\",\"datePublished\":\"2019-03-08T19:11:39+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Iranian hackers ransack Citrix, make off with 6TB+ of emails, biz docs, internal secrets\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Iranian hackers ransack Citrix, make off with 6TB+ of emails, biz docs, internal secrets 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/","og_locale":"en_US","og_type":"article","og_title":"Iranian hackers ransack Citrix, make off with 6TB+ of emails, biz docs, internal secrets 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-03-08T19:11:39+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/03\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Iranian hackers ransack Citrix, make off with 6TB+ of emails, biz docs, internal secrets","datePublished":"2019-03-08T19:11:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/"},"wordCount":701,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/03\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/","url":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/","name":"Iranian hackers ransack Citrix, make off with 6TB+ of emails, biz docs, internal secrets 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/03\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets.jpg","datePublished":"2019-03-08T19:11:39+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/03\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/03\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/iranian-hackers-ransack-citrix-make-off-with-6tb-of-emails-biz-docs-internal-secrets\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Iranian hackers ransack Citrix, make off with 6TB+ of emails, biz docs, internal secrets"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/25992","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=25992"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/25992\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/25993"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=25992"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=25992"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=25992"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}