PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

VPN Provider Citrix Hacked, Up to 6TB of Data Accessed

A security firm that warned Citrix about the breach says the hackers stole at least 6TB of data and are part of an Iranian hacking group that's targeted more than 200 organizations.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

(M.a.u/shutterstock.com)

Enterprise VPN provider Citrix has suffered a hack that may have stolen sensitive information about the company's technology.

The FBI contacted Citrix about "international cyber criminals" breaking into the company's networks, Citrix revealed Friday. The feds told Citrix that the hackers likely broke in by successfully guessing the weak password to a company account using a tactic known as "password spraying."

"While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents," Citrix said in a notice. "The specific documents that may have been accessed, however, are currently unknown."

On Dec. 28, cybersecurity Resecurity reached out to Citrix, warning them about the breach, Resecurity said in a blog post published today. The attackers are part of an Iranian hacking group that's targeted more than 200 organizations, including government agencies, oil and gas companies, and technology firms, according to Resecurity.

The hackers accessed "at least 6 terabytes of sensitive data stored in the Citrix enterprise network, including email correspondence, files in network shares and other services used for project management and procurement," Resecurity wrote.

Recommended by Our Editors

NordVPN
NordVPN - Review

The security firm didn't explain how it learned of the attack, but said it "has shared the acquired intelligence with law enforcement and partners for mitigation."

Citrix serves over 400,000 organizations, including nearly all top Fortune 500 companies. So any breach could have wide-reaching consequences, especially if it affects Citrix's VPN technology. In corporate environments, VPNs can act as a gateway to prevent outside visitors and hackers from gaining remote access to a company's internal network.

Despite the hack, Citrix said it's so far found no indication that the security of any company product or service has been compromised.

"Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI," the company added in its notice.

The FBI declined to comment. Resecurity claims the hackers are backed by a nation-state, "due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of economy."

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio