Citrix provides server, application and desktop virtualisation, networking, software as a service, and cloud computing technologies. Among its clients are some 98% of the Fortune 500, according to its own website.
A blog post authored by Stan Black, chief security and information officer, said the company, which has headquarters in both Florida and California, had been told by the FBI on 6 March of the intrusion.
He said the specific documents that may have been accessed, however, were currently unknown, adding that there was no indication that the security of any Citrix product or service had been compromised.
"If we take Citrix at their word, this appears to be more of an espionage case than a supply chain attack," said Williams who now runs his own information security outfit, Rendition Infosec.
Black wrote that the FBI had informed the company that the attackers had probably used a tactic known as password spraying, a technique that exploits weak passwords, to gain entry.
"Once they gained a foothold with limited access, they worked to circumvent additional layers of security," he wrote.
He said the company had started a forensic investigation and engaged an unspecified "leading cyber security firm" to help.
"[We] took actions to secure our internal network; and continue to co-operate with the FBI," Black added, promising the company would provide updates on the investigation as information came to hand.
In January, Citrix reported revenue of US$802 million for the final quarter of the fiscal year that ended on 31 December 2018. Profits were listed as US$166 million.
The company's share price fell by about 3% on news of the breach, according to Reuters.