Breach detection firm Mandiant: Attackers Exploited Heartbleed bug one day after its disclosure. Attacker posing as an authorized user tunneled into the computer system of a major corporation. Canadian authorities arrested a teenager this week for his alleged role in exploiting the vulnerability to steal data from the Canada Revenue Agency website. Attack bypassed multi-factor authentication as well as the VPN client software used to validate that systems connecting to the VPN are owned by the corporation. The source of the heartbeat response was the organization’s internal secure sockets layer VPN device, Mandiant says.”]
Source: https://www.bankinfosecurity.com/mandiant-heartbleed-leads-to-attack-a-6766