Walled-off corporate network hacked using Heartbleed
To bust into a Mandiant customer’s system, attackers took advantage of the delay between the disclosure of Heartbleed on 4/7 and the time when companies began plugging the hole, the security firm said on 4/18.
The firm did not name the client.
Starting on 4/8, the hackers began attacking a piece of OpenSSL-based networking equipment that contained the Heartbleed defect.
“Through Heartbleed, they obtained encryption keys that allowed them to bypass two kinds of safeguards – virtual private network software and requests for multi-factor identification,” according to the Journal. “Once inside the network, the attackers tried to move on to access more sensitive pieces of information, though Mandiant wouldn’t elaborate.”
There is no evidence the intruders actually took data.
Mandiant is perhaps best known for a 2013 report linking the Chinese military to cyberspying operations against Western firms and countries.
ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.