Australian telecommunications giant Telstra revealed on Wednesday that the corporate network of Pacnet was breached by an unknown actor.
Pacnet is a Hong Kong-based company that provides connectivity, data center and managed services to carriers, corporations and governments in the APAC region. In December 2014, Telstra acquired Pacnet, which operates one of the region’s largest fiber optic networks, for US$697 million as part of the company’s plans to expand in Asia.
After completing the acquisition last month, Telstra learned that Pacnet’s corporate network, including email and business management systems, had been breached. The Australian telecoms giant sent a team to Hong Kong to assess the situation, and hired external experts to handle incident response.
Based on the investigation, Telstra determined that the attackers exploited a SQL injection vulnerability to upload malicious software to Pacnet’s network. The malicious actor was then able to steal credentials belonging to users and administrators, said Mike Burgess, Telstra’s Chief Information Security Officer.
“We immediately addressed the security vulnerability that allowed access to the network, removed all known malicious software and put in place additional monitoring and incident response capabilities that we routinely apply to all of our networks,” Burgess explained.
“We also ran indicator of compromise checks across all of the Pacnet corporate IT network computers, both servers and workstations.”
The CISO has highlighted that Pacnet’s corporate network is isolated from Telstra’s and there is no evidence of unauthorized activity on Telstra’s network.
In the statement published on Wednesday, Burgess said there is no evidence that information was stolen, but the told The Australian that they actually couldn’t determine from logs and forensic information what was taken from the network. The Telstra representative noted that it’s clear that the attackers had complete access to Pacnet’s corporate network.
“While we will look into who was behind the breach we may never know as attribution is very difficult. We have not had any contact from the perpetrators nor do we know the reason behind this activity,” Burgess said. “Our focus at this time is not on attribution. It is on working with our customers and staff to help them understand what has occurred.”
In June 2013, former NSA contractor Edward Snowden revealed that Pacnet was among the Chinese telecommunications companies targeted by the US intelligence agency. According to Snowden, who was in Hong Kong at the time, US spies hacked the Tsinghua University in Beijing and the headquarters of Pacnet.