Ethical Hacking News
The US Treasury Department has disclosed a major cybersecurity breach, revealing that hackers from a China-backed hacking group had accessed certain unclassified documents on Treasury computers. The breach highlights the vulnerabilities of remote access technology and underscores the need for continued vigilance and improvement in cybersecurity practices within critical infrastructure.
Hackers from a China-backed hacking group called Salt Typhoon breached US Treasury Department computers using vulnerabilities in remote tech support software provided by BeyondTrust. The breach was attributed to command injection vulnerabilities, which are common application flaws that can be easily exploited to gain access to a target's systems. Experts believe the impact of the breach may be even larger than initially thought, and note that these vulnerabilities are among the easiest to identify and remediate. The breach has raised concerns about the security practices in place within critical infrastructure, including the lack of basic cybersecurity measures. CISA added two command injection vulnerabilities exploited by Salt Typhoon to its "Known Exploited Vulnerabilities Catalog" on December 19.
The United States Treasury Department recently disclosed a major cybersecurity breach, revealing that hackers from a China-backed hacking group known as Salt Typhoon had accessed certain unclassified documents on Treasury computers. The breach was attributed to vulnerabilities in remote tech support software provided by the identity and access management firm BeyondTrust.
According to the Treasury's disclosure notice to Congress, the attackers exploited command injection vulnerabilities in the software, which are common application flaws that can be easily exploited to gain access to a target's systems. The compromised BeyondTrust service has been taken offline, but experts believe that the impact of the breach may be even larger than initially thought.
"It is not surprising that we're seeing command injection vulnerabilities in 2024 in any products," said Jake Williams, vice president of research and development at the cybersecurity consultancy Hunter Strategy. "These are some of the easiest bugs to identify and remediate at this point." However, the breach has raised concerns about the security practices in place within critical infrastructure.
"We wouldn't leave our homes, our offices, unlocked and yet our critical infrastructure—the private companies owning and operating our critical infrastructure—often do not have the basic cybersecurity practices in place that would make our infrastructure riskier, costlier, and harder for countries and criminals to attack," said Anne Neuberger, deputy national security adviser for cyber and emerging technology.
The breach comes as US officials have been scrambling to address a massive espionage campaign compromising US telecoms that has been attributed to Salt Typhoon. The attackers exploited vulnerabilities in BeyondTrust's Remote Support SaaS product, affecting its customers, including the critical command injection vulnerability "CVE-2024-12356" and the medium-severity command injection vulnerability "CVE-2024-12686."
CISA added the former CVE to its "Known Exploited Vulnerabilities Catalog" on December 19.
The Treasury Department said in its disclosure notice that it had been collaborating with the FBI, the Cybersecurity and Infrastructure Security Agency, and the intelligence community broadly as well as private "forensic investigators" to evaluate the situation. However, Treasury officials did not immediately return WIRED's request for additional information about the breach.
CISA referred questions back to the Treasury Department. BeyondTrust was not immediately available for comment about the situation.
The US government has been taking steps to address cybersecurity threats in recent years. The Federal Risk and Authorization Management Program (FedRAMP) is a framework that helps federal agencies assess and implement secure cloud technologies. However, despite these efforts, vulnerabilities like those exploited by Salt Typhoon remain a threat.
As new details emerge about the breach, experts warn that the impact could be more significant than initially thought. "I expect the impact to be more significant than access to just a few unclassified documents," said Jake Williams.
The incident highlights the need for continued vigilance and improvement in cybersecurity practices within critical infrastructure. As technology continues to evolve, so too must our defenses against cyber threats.
In related news, the US Treasury Department has been working on various projects aimed at improving its cybersecurity posture. The agency has also been collaborating with private companies and other government agencies to address emerging threats.
The breach is also a reminder of the importance of remote access security. As more and more work is done remotely, the risk of unauthorized access increases. Companies like BeyondTrust are working to improve their software's security features, but it is clear that more needs to be done.
In conclusion, the recent breach of the US Treasury Department highlights the vulnerabilities of remote access technology. While improvements have been made in cybersecurity practices, there is still much work to be done to address the growing threat of cyber attacks.
Related Information:
https://www.wired.com/story/us-treasury-hacked-by-china/
https://nvd.nist.gov/vuln/detail/CVE-2024-12356
https://www.cvedetails.com/cve/CVE-2024-12356/
https://nvd.nist.gov/vuln/detail/CVE-2024-12686
https://www.cvedetails.com/cve/CVE-2024-12686/
Published: Mon Dec 30 22:41:32 2024 by llama3.2 3B Q4_K_M