- BeyondTrust said it discovered an attack in early December 2024
- It discovered that some of its remote support SaaS instances were compromised
- It also discovered and fixed two zero-day vulnerabilities
BeyondTrust confirmed that it had been hit by a recent cyber attack after detecting “unusual behavior” on its network and finding that some of its remote support SaaS instances had been compromised.
The company, which provides privileged access management (PAM) and secure remote access solutions, said in an announcement on its website that a subsequent investigation found that the threat actors had access to a remote support SaaS API key, which they used to reset the native application account password.
“BeyondTrust immediately revoked the API keys, notified known affected customers, and suspended those instances the same day while providing these customers with alternative remote support SaaS instances,” the company said in a statement.
This is not ransomware
The company said it discovered two vulnerabilities and fixed them. However, these vulnerabilities do not appear to have been exploited in the attack.
Regardless, BeyondTrust’s research uncovered a critical command injection flaw affecting Remote Support (RS) and Privileged Remote Access (PRA) products. This flaw is tracked as CVE-2024-12356 and has a severity score of 9.8/10 (critical).
The second flaw is a moderate-severity flaw with a score of 6.6, tracked as CVE-2024-12686. It affects Privileged Remote Access (PRA) and Remote Support (RS) and allows attackers with existing administrator privileges to inject commands and run them as a website user.
The instances provide a cloud-hosted solution for secure, scalable remote support that enables IT and help desk professionals to remotely access and troubleshoot devices or systems while maintaining strict security and compliance standards. BeyondTrust’s usual customers are large enterprises, government agencies, financial institutions, technology giants, etc.
The company did not say whether the attack affected any BeyondTrust customers, but it did emphasize that it “proactively completed” updates for its Secure Remote Access cloud customers to strengthen their defenses.
The nature of the attack is unclear, but the company did confirm to BleepingComputer that this is not ransomware.
Via BleepingComputer