HomeCyber BalkansCISA: BeyondTrust breach impacted Treasury Department solely

CISA: BeyondTrust breach impacted Treasury Department solely

Published on

spot_img

The recent breach of the U.S. Treasury Department through the BeyondTrust service has raised concerns about the security of federal agencies. The incident, which was disclosed on Dec. 30, revealed that Chinese nation-state threat actors had gained access to user workstations and unclassified documents within the Treasury Department.

In a letter to members of the U.S. Senate Committee on Banking, Housing and Urban Affairs, the Treasury Department confirmed that BeyondTrust’s compromised cloud service was used as a vector for the breach. Since then, the department has been working closely with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to investigate the incident.

According to a recent update from CISA, the breach was contained within the Treasury Department and did not extend to any other federal agencies. The agency assured the public that they are monitoring the situation closely and coordinating with relevant federal authorities to ensure a comprehensive response.

BeyondTrust, the vendor of the compromised service, also provided an update on the breach. The company identified suspicious activity on Dec. 2 and later discovered that attackers had compromised an API key, granting them access to a limited number of customers’ instances. The Treasury Department was notified on Dec. 8 that the API key had been used to remotely access their workstations.

While the exact method of how the attackers compromised the key remains unclear, BeyondTrust disclosed two vulnerabilities in its Remote Support and Privileged Remote Access SaaS products. The company has since mitigated these vulnerabilities and confirmed that no additional victims have been discovered.

In a security bulletin, BeyondTrust stated that all SaaS instances of Remote Support have been patched against the vulnerabilities and that no new customers have been identified as victims beyond those previously informed. However, it is still uncertain whether the Treasury Department was the only customer affected by the breach.

At present, BeyondTrust has not responded to requests for comment. The forensic investigation into the breach is ongoing, and both the Treasury Department and BeyondTrust are working together to address the security issues that led to the breach.

Overall, the breach serves as a reminder of the importance of cybersecurity measures for all organizations, especially those that handle sensitive government information. As authorities continue to investigate the incident, it is crucial for all involved parties to remain vigilant and take proactive steps to prevent future breaches.

Source link

Latest articles

Malicious actors are utilizing privileged identity access more frequently in attack chains.

Cyber attackers are continuing to target individuals and organizations by impersonating popular brands in...

ReliaQuest Secures $500M in Funding to Enhance Agentic AI Security

ReliaQuest, a security operations firm based in Tampa, Florida, recently announced a significant milestone...

Trading of malicious LLMs below the surface is driving cybercrime – Fast Company

The underground trading of malicious LLMs (Large Language Models) is a growing concern in...

Google Launches End-to-End Encryption for Gmail Business Users

Google has rolled out a new feature that offers end-to-end encryption (E2EE) capabilities for...

More like this

Malicious actors are utilizing privileged identity access more frequently in attack chains.

Cyber attackers are continuing to target individuals and organizations by impersonating popular brands in...

ReliaQuest Secures $500M in Funding to Enhance Agentic AI Security

ReliaQuest, a security operations firm based in Tampa, Florida, recently announced a significant milestone...

Trading of malicious LLMs below the surface is driving cybercrime – Fast Company

The underground trading of malicious LLMs (Large Language Models) is a growing concern in...