A researcher has attributed a recently publicized attack on Citrix's internal network to the Iranian-linked group known as IRIDIUM. The data heist involved 6 terabytes of sensitive data, Resecurity said. Citrix told Threatpost that this is indeed the same password-spraying attack it announced itself last week. The attack appears to follow the same sequence of events that occurs in almost every major breach, including Marriott and Equifax: command and control, reconnaissance, lateral movement and data exfiltration. The attackers most likely compromised a weak password on a non-critical system, such as a desktop user or a printer.
Source: https://threatpost.com/ranian-apt-6tb-data-citrix/142688/

