FlagThis

Chinese state-sponsored threat actors compromised the US Treasury Department by exploiting a vulnerability in a third-party software provider, BeyondTrust. The attackers accessed employee workstations and exfiltrated unclassified documents. This incident highlights the risk associated with third-party dependencies and supply chain attacks. The attackers gained remote access, raising concerns about the security posture of government agencies. The affected systems were not immediately identified but were confirmed to be workstations.

BeyondTrust has experienced a security incident where hackers breached their Remote Support SaaS instances by exploiting an API key, allowing for account password resets. Two critical vulnerabilities were discovered and patched, namely command injection (CVE-2024-12356) and escalation of privilege (CVE-2024-12686). This incident highlights the risks associated with API key compromise and the importance of proper security measures for SaaS platforms and privileged access management solutions.