According to ARS Technica and other sources, the breach was accomplished by exploiting a web application vulnerability, Apache Struts CVE-2017-5638, for which a patch had been identified more than two months earlier. Tenable has plugins that customers can use to detect these vulnerable Apache Struts installs in their environment.