“I can't believe we're seeing command injection vulnerabilities in any product in 2024, let alone a secure remote access product that's approved for use by the US government. There should be additional investigation,” says Jake Williams, vice president of research and development at the cybersecurity consultancy Hunter Strategy and a former NSA hacker. “Those are some of the easiest bugs to identify and fix at this point.”
BeyondTrust is an accredited Federal Risk and Authorization Management Program (FedRAMP) vendor, but Williams speculates that Treasury may have been using a non-FedRAMP version of the company's Remote Support and Privileged Remote Access cloud products. If the breach did indeed impact FedRAMP-certified cloud infrastructure, Williams says, “this could be the first breach and almost certainly the first time FedRAMP cloud tools are misused to facilitate remote access to a customer's system.”
This breach occurred just as American officials have been struggling to address a major espionage campaign: the compromise of US telecoms attributed to a China-backed hacking group known as Salt Typhoon. White House officials told reporters on Friday that Salt Typhoon compromised nine US telecoms.
“We would not leave our homes, our offices open and yet our critical infrastructure—the private companies that own and operate our critical infrastructure—often do not have basic cybersecurity practices in place that will make our infrastructure risky, costly and difficult for countries and criminals to attack,” Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said on Friday.
Treasury, CISA and FBI officials did not respond to WIRED's questions about whether the actor responsible for the Treasury breach was Salt Typhoon specifically. Treasury officials said in the disclosure to Congress that they would provide more information about the incident in the department's mandatory 30-day supplemental notification report. As details continue to emerge, Hunter Strategy's Williams says the scale and scope of the breach may be even larger than currently visible.
“I hope the impact will be more significant than just access to some declassified documents,” he says.