

Citrix Systems Inc. informed customers on Friday that the U.S. Federal Bureau of Investigation told the company that hackers gained access to its systems and stole data.
While not providing much in the way of details, Citrix said that it had taken “action to contain this incident,” including launching a forensic investigation as well as “taking actions to secure its network.”
After the initial revelation, more details of the hack have come to light. Security firm Resecurity International Inc. claimed that it reached out to both the FBI and Citrix when it became aware of the attack — that is, before it was publicly disclosed.
The research firm said an Iranian government-linked hacking group called IRIDIUM stole at least 6 terabytes of sensitive internal files stored in the Citrix enterprise network, including e-mail correspondence, files and other services used for project management and procurement.
“The incident has been identified as a part of a sophisticated cyberespionage campaign supported by nation-state due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of economy,” Resecurity said in a blog post.
Resecurity initially claimed that attacks took place in December and as recently as Monday. But Resecurity President Charles Yoo later told NBC that the hackers may have broken into Citrix’s network about 10 years ago and have been “lurking inside the company’s system ever since.”
Citrix provides services to more than 400,000 companies and other organizations, including 98 percent of the Fortune 500.
Chris Morales, head of security analytics at Vectra Networks Inc., questioned why Citrix had to learn of the security breach from the FBI.
“The FBI as a source of breach notification happens far too often and it is unfortunate because once the FBI is aware, it is usually too late as exfiltration of information has already occurred,” Morales said. “While we often point to lack of maturity of security operations as to why a company would miss an attack, it is even more unfortunate when a security vendor is compromised that does have the skills and capabilities to defend against cyberattacks.”
Morales added that every company could stand to improve its level of network visibility. “As a security vendor, I know our own industry must practice the same vigilance we preach,” he said. “Even then, we must assume a breach can occur and be prepared to respond before information is stolen that can impact our clients.”