[andrewcooke]

cool, but if they were given a single IP to target why could they have the mouse on another machine? alternatively: if they could attack other machines, why not use another machine that was exposed via the network? something isn't consistent.

[thaumaturgy]

I'm assuming that they were asked to compromise a typical tightened corporate network, in which there's only a single external address -- the firewall's -- and therefore that's the only address they had to work with.

In that case, compromising one of the clients behind the firewall is the typical next step for an attack. (They did a heck of a nice job on that, though.)