Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Telstra Discloses Breach of Pacnet Corporate Network

Australian telecommunications giant Telstra revealed on Wednesday that the corporate network of Pacnet was breached by an unknown actor.

Australian telecommunications giant Telstra revealed on Wednesday that the corporate network of Pacnet was breached by an unknown actor.

Pacnet is a Hong Kong-based company that provides connectivity, data center and managed services to carriers, corporations and governments in the APAC region. In December 2014, Telstra acquired Pacnet, which operates one of the region’s largest fiber optic networks, for US$697 million as part of the company’s plans to expand in Asia.

After completing the acquisition last month, Telstra learned that Pacnet’s corporate network, including email and business management systems, had been breached. The Australian telecoms giant sent a team to Hong Kong to assess the situation, and hired external experts to handle incident response.

Based on the investigation, Telstra determined that the attackers exploited a SQL injection vulnerability to upload malicious software to Pacnet’s network. The malicious actor was then able to steal credentials belonging to users and administrators, said Mike Burgess, Telstra’s Chief Information Security Officer.

“We immediately addressed the security vulnerability that allowed access to the network, removed all known malicious software and put in place additional monitoring and incident response capabilities that we routinely apply to all of our networks,” Burgess explained.

“We also ran indicator of compromise checks across all of the Pacnet corporate IT network computers, both servers and workstations.”

The CISO has highlighted that Pacnet’s corporate network is isolated from Telstra’s and there is no evidence of unauthorized activity on Telstra’s network.

In the statement published on Wednesday, Burgess said there is no evidence that information was stolen, but the told The Australian that they actually couldn’t determine from logs and forensic information what was taken from the network. The Telstra representative noted that it’s clear that the attackers had complete access to Pacnet’s corporate network.

“While we will look into who was behind the breach we may never know as attribution is very difficult. We have not had any contact from the perpetrators nor do we know the reason behind this activity,” Burgess said. “Our focus at this time is not on attribution. It is on working with our customers and staff to help them understand what has occurred.”

In June 2013, former NSA contractor Edward Snowden revealed that Pacnet was among the Chinese telecommunications companies targeted by the US intelligence agency. According to Snowden, who was in Hong Kong at the time, US spies hacked the Tsinghua University in Beijing and the headquarters of Pacnet.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.