Chinese attackers were able to gain access to highly confidential information held by the US Treasury after a third-party service used for remote IT support was hacked.
On December 8, cybersecurity firm BeyondTrust warned customers that it had discovered that an API key for its SaaS remote support solution had been compromised.
The stolen key could allow attackers to initiate password resets for local application accounts, an advisory on the firm’s website said, adding that the key in question had been revoked immediately.
In an update published on December 18, BeyondTrust said its investigation had identified two vulnerabilities in its remote support and privileged remote access products.
The first, CVE-2024-12356, was listed as a critical command injection vulnerability with a CVSS score of 9.8.
The other zero-day vulnerability, CVE-2024-12686, was less severe, receiving a medium severity rating of 6.6. The company said both vulnerabilities have been patched for all cloud instances of the tool, and a patch is available for on-premises versions.
“We continue to pursue every avenue within the forensic investigation, including our work with external forensic experts, to ensure the investigation is as thorough as possible. We also continue to communicate and work closely with all known affected customers and will provide updates here until the investigation is completed,” BeyondTrust said.
A Chinese state-sponsored hacking group reportedly used the key to carry out an espionage attack on several Treasury offices, with the full consequences of the hack yet to be determined.
In a letter to lawmakers, the U.S. Treasury Department said the attack constituted a “major incident”, explaining that the hackers were able to use the key to access workstations as well as “certain unclassified data maintained by these users.”
US officials told the Wall Street Journal that the attackers were targeting the Office of Foreign Assets Control (OFAC), the agency responsible for economic sanctions policy.
The hackers also targeted the Office of Financial Research, the sources added. The Treasury Department has confirmed that the affected BeyondTrust service has been taken offline, with no evidence that the attackers were able to retain access to Treasury information.
The letter added that the Treasury Department is working with the FBI, CISA and third-party investigators to fully understand the incident and assess its impact.
Ian Birdsey, partner and data protection litigation specialist at law firm Clyde & Co, said the incident signals what he believes will be a continued trend of cyber attacks being used to further geopolitical goals.
“Hybrid (cyber-centric) warfare will be a top priority in 2025, and we are increasingly seeing nation-state-sponsored cyber attacks being used for intelligence gathering purposes, including to improve competitiveness, overtaking traditional R&D through the acquisition of intellectual property and trade secrets of Western organizations,” he explained.
“This discovery highlights the enormous challenge posed by advanced persistent threats (APTs), especially those sponsored by nation states. These attacks, often aimed at espionage, are carried out using highly sophisticated and hidden tactics, making them much more difficult to detect.”
Birdsey added that the incident highlights two increasingly common weaknesses in IT systems exploited by cybercriminals: insecure software supply chains and vulnerable remote access tools.
“The incident reflects two recurring vulnerabilities: supply chain risk and flaws in remote access software. financially motivated cybercriminals. However, no system, supplier or supply chain is immune from compromise, and if compromised, even robust IT security measures can be bypassed,” he said.
“This incident highlights the importance of focusing on monitoring and detecting unauthorized activity to mitigate the impact of a cyber event, recognizing that preventive measures can only take organizations so far. Understanding that a security incident is a matter of when it happens, not if, is a critical mindset shift that all organizations need to make.”