Credit Bureau Breach
Beginner
2017

Target: Equifax Web Portal
Impact: Massive PII Theft

Operational Briefing

Exploit a known Apache Struts vulnerability to exfiltrate sensitive data of 147 million people.

The Full Story

One of the largest data breaches in history exposed the private information of 147 million Americans. Attackers gained access to Equifax's dispute portal and operated undetected for months.

Technical Analysis

Vulnerability

  • CVE-2017-5638: A remote code execution vulnerability in Apache Struts 2.
  • Attack Vector: The vulnerability allowed attackers to execute system commands by crafting a malicious Content-Type HTTP header.
  • Failures: The patch was available for months before the breach but was not applied. Network segmentation was poor, allowing lateral movement to databases.
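A defensive check for the attack vector above, as an added example that is not part of the original page: it validates each request's Content-Type against the media-type grammar and flags values carrying an expression opener. The sample requests, the .action paths, the reason labels and the 256-character ceiling are constructed assumptions.

```python
import re

# RFC 7230 token; a media type is type "/" subtype *( ";" name=value )
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
MEDIA_TYPE = re.compile(
    rf"^{TOKEN}/{TOKEN}(\s*;\s*{TOKEN}=(?:{TOKEN}|\"[^\"\\]*\"))*\s*$"
)
EXPR_OPEN = re.compile(r"[%$]\{")  # opener of an OGNL/EL-style expression
MAX_LEN = 256                      # assumed ceiling; legitimate values are short


def inspect_content_type(value):
    """Return the reasons a Content-Type value looks abnormal (empty if clean)."""
    reasons = []
    if EXPR_OPEN.search(value):
        reasons.append("expression-delimiter")
    if not MEDIA_TYPE.match(value):
        reasons.append("not-a-media-type")
    if len(value) > MAX_LEN:
        reasons.append("oversized")
    return reasons


# Constructed sample requests (source, path, Content-Type); not incident data.
# The third value is a non-functional marker, not a payload.
SAMPLE = [
    ("198.51.100.7", "/upload.action", "multipart/form-data; boundary=----x7MA4YWxk"),
    ("198.51.100.7", "/login.action", "application/x-www-form-urlencoded"),
    ("203.0.113.9", "/upload.action", "%{#constructed_marker}.multipart/form-data"),
    ("203.0.113.9", "/upload.action", "multipart/form-data boundary"),
]


def scan(requests):
    """Yield (source, path, reasons) for every request with an abnormal header."""
    for src, path, ctype in requests:
        reasons = inspect_content_type(ctype)
        if reasons:
            yield src, path, reasons


if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A check like this belongs in front of the application (proxy, WAF or log pipeline) as a detection layer; it does not replace applying the Struts patch.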

Available Modes

  • Offensive: Replicate the attack vector
  • Defensive: Harden systems & patch
  • Analysis: Forensic investigation

Event Timeline

  • March 2017: Apache releases patch for Struts vulnerability.
  • May 2017: Attackers gain initial access to Equifax.
  • July 2017: Equifax security team discovers suspicious traffic.
  • Sept 2017: Public disclosure of the breach.

#Web Exploit  #Apache Struts  #Data Exfiltration