Ethical Hacking News
US government officials are being urged to switch to end-to-end encrypted messaging apps like Signal to reduce communication interception risks following a breach of the US Treasury Department's remote support platform. The breach, which was linked to Chinese state-sponsored threat actors, highlights the need for improved cybersecurity measures in light of the recent wave of telecom breaches.
The US Treasury Department has been breached by state-sponsored threat actors who exploited a remote support platform. The breach was discovered when the vendor BeyondTrust notified them that one of its Remote Support SaaS instances had been compromised. Two zero-day vulnerabilities, CVE-2024-12356 and CVE-2024-12686, were used to breach the remote support platform. The threat actors stole documents remotely from agency computers using the compromised instances. The breach is linked to Chinese state-sponsored threat actors known as "Salt Typhoon" who have also been involved in recent telecom hacks. The incident highlights the need for improved cybersecurity measures, particularly when it comes to remote work arrangements.
The US Treasury Department has been breached, and it's not just a minor slip-up that can be easily contained. No, this is a deliberate and calculated attack by state-sponsored threat actors, who have managed to exploit a remote support platform used by the federal agency. The breach, which was first reported on December 8th, has left many in the cybersecurity community scratching their heads, wondering how such a sophisticated operation could go undetected for so long.
According to a letter sent to lawmakers by the Treasury Department, the breach was discovered when the vendor BeyondTrust notified them that one of its Remote Support SaaS instances had been compromised. BeyondTrust is a privileged access management company that also offers a remote support platform that can be used to access computers remotely. It's this very platform that the threat actors exploited, using a stolen API key to reset passwords for local application accounts and gain further privileged access to the systems.
As part of the breach, the threat actors utilized two zero-day vulnerabilities, CVE-2024-12356 and CVE-2024-12686, which allowed them to breach and take over Remote Support SaaS instances. Once they had gained access, they used these compromised instances to access agency computers and steal documents remotely. The Treasury Department quickly responded to the breach by shutting down all compromised instances and revoking the stolen API key.
However, this was not an isolated incident. According to reports from BleepingComputer, BeyondTrust had been breached earlier in the month, with threat actors gaining access to some of its Remote Support SaaS instances. It's worth noting that BeyondTrust is just one of several companies that offer remote support platforms, and it's likely that other similar platforms may also have been compromised.
The breach has sparked concerns about the security of remote work arrangements, which have become increasingly common in recent years. As more and more people work remotely, the risk of cyber attacks increases, as there are more potential entry points for hackers to exploit. The US Treasury Department's breach serves as a stark reminder of this reality.
But what makes this breach so particularly concerning is that it's been linked to Chinese state-sponsored threat actors. These actors, known as "Salt Typhoon", have also been linked to recent hacks of nine U.S. telecommunication companies, including Verizon, AT&T, Lumen, and T-Mobile. In those intrusions, the threat actors used their access to the telecom networks to target the text messages, voicemails, and phone calls of targeted individuals, and to access wiretap information of those under investigation by law enforcement.
This wave of telecom breaches has sparked concerns about national security, as it's believed that Chinese state-sponsored threat actors have been using this access to gather sensitive information. The U.S. government has reportedly planned to ban China Telecom's last active U.S. operations in response to the telecom hacks.
The breach also highlights the need for improved cybersecurity measures, particularly when it comes to remote work arrangements. As more and more people work remotely, there is a greater risk of cyber attacks, and it's up to companies and individuals to take steps to mitigate this risk.
In light of this breach, senior government officials have been urged to switch to end-to-end encrypted messaging apps like Signal to reduce communication interception risks. This is a step that many in the cybersecurity community agree with, as these types of messages are much harder to intercept and decode than traditional text-based communications.
The US Treasury Department's breach serves as a stark reminder of the importance of cybersecurity measures, particularly when it comes to remote work arrangements. As we move forward into an increasingly digital world, it's up to us all to take steps to protect ourselves from cyber attacks.
Related Information:
https://www.bleepingcomputer.com/news/security/us-treasury-department-breached-through-remote-support-platform/
https://www.theverge.com/2024/12/30/24332429/us-treasury-department-beyondtrust-hack-security-breach
https://nvd.nist.gov/vuln/detail/CVE-2024-12356
https://www.cvedetails.com/cve/CVE-2024-12356/
https://nvd.nist.gov/vuln/detail/CVE-2024-12686
https://www.cvedetails.com/cve/CVE-2024-12686/
Published: Mon Dec 30 17:22:46 2024 by llama3.2 3B Q4_K_M