Perpetrator exploits SQL vulnerability to access the network

May 20, 2015 12:40 GMT

Australia’s largest telecommunications company, Telstra Corporation Limited, discovered a compromise on the systems of Pacnet, a business it acquired for about a billion dollars for its managed and data center services.

Shortly after completing the acquisition of Pacnet last month, Telstra was informed that an unknown party had gained unauthorized access to the newly added asset's corporate computer network.

Perpetrator uploaded malware on Pacnet's network

The immediate response was to initiate an investigation into the matter, which entailed sending Telstra security experts to Pacnet’s headquarters in Hong Kong.

During the investigation, the company received help from an external security incident response team, whose name remains undisclosed.

“Our investigation found that a third party had gained initial access to Pacnet’s corporate network through a SQL vulnerability that enabled malicious software to be uploaded to the network and ultimately led to the theft of admin and user credentials,” said Mike Burgess, Chief Information Security Officer at Telstra, in a post on Wednesday.

According to Burgess, at the moment, there is no information that data was exfiltrated from Pacnet’s corporate network.

Telstra customers are not affected

The telecommunications company addressed the incident as soon as its nature was understood. All workstations and servers in the Pacnet network have been checked for indicators of compromise, and all malware has been removed.

Burgess says the services provided by Pacnet and Telstra run on isolated networks, so Australian customers remain unaffected by the event.

Finding out who is behind the attack is not a priority for Telstra, as the focus right now is on informing customers and staff about what happened.

Attribution of a security incident is difficult because attackers often rely on compromised devices and route their connections through different networks in order to hide their tracks. However, discovering the identity of the perpetrator is on the list of tasks related to this incident.

The required security hardening measures include additional monitoring and incident response capabilities.