Shortly after completing its acquisition last month, Australia-based Telstra learned that an unauthorized third party gained access to the corporate IT network of data center operator Pacnet, according to post by Mike Burgess, CISO of Telstra.
Access to the network – “essentially the email and other business management systems” – was gained by exploiting a SQL injection vulnerability and uploading malware that captured administrator and user credentials, the post stated.
“We immediately addressed the security vulnerability that allowed access to the network, removed all known malicious software and put in place additional monitoring and incident response capabilities that we routinely apply to all of our networks,” Burgess wrote.
There is no evidence that information was stolen from the network, Burgess noted. According to reports, Australian Federal Police could have been impacted in the breach.