The black hat hacker who claimed responsibility for the Hacking Team hack has published details on how he did the hack. The Hacking Team are a group who services include helping Governments spear phish their opponents. Some say this is reason enough for them to be taken down.
The hacker says that he discarded the idea of spear-phishing Hacking Team, writing that even though the technique is "responsible for the majority of hacks these days... I didn't want to try to spear phish Hacking Team, as their whole business is helping governments spear phish their opponents, so they'd be much more likely to recognise and investigate a spear phishing attempt."
To make things challenging, Hacking Team appears to have secured their networks quite well.The Hacking Team did not expose much to the outside world an up-to-date version of Joomla, "a mail server, a couple routers, two VPN appliances, and a spam filtering appliance."
So, the hacker explains, three options presented themselves: "look for a zero-day in Joomla, look for a zero-day in postfix, or look for a zero-day in one of the embedded devices."
"A zero-day in an embedded device seemed like the easiest option," the hacker added, "and after two weeks of work reverse engineering, I got a remote root exploit."
From there he manage to get deeper into their systems. I include out of interest a copy of how he did it
Interested to note that he decided against attacking Joomla.