Feb 01, 2025 | Ravie Lakshmanan | Vulnerability / Zero-Day
BeyondTrust has revealed that it has completed its investigation into a recent security incident in which a compromised API key was used to target some of the company's Remote Support SaaS instances.
The company said that 17 Remote Support SaaS customers were affected by the breach, and that the API key was used to reset local application passwords, enabling unauthorized access. The breach was first detected on December 5, 2024.
The company said this week that the investigation found a zero-day vulnerability in a third-party application was used to gain access to an online asset in a BeyondTrust AWS account.
Access to that asset then allowed the threat actor to obtain an infrastructure API key that could be used against a separate AWS account that ran Remote Support infrastructure.
The American access management company did not name the application that was exploited to obtain the API key, but said the investigation had identified two separate flaws in its own products (CVE-2024-12356 and CVE-2024-12686).
BeyondTrust has since revoked the compromised API key, suspended all known affected customer instances, and provided those customers with alternative Remote Support SaaS instances.
It's worth noting that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added both CVE-2024-12356 and CVE-2024-12686 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The precise nature of the malicious activity is not known at this time.
The U.S. Treasury Department announced that it was one of the affected parties. No other government organizations are believed to have been impacted.
The attacks have been linked to a Beijing-based hacking group known as Silk Typhoon (previously Hafnium), with the government sanctioning a Shanghai-based cyber actor named Yin Kecheng for allegedly taking part in the breach of the Department of the Treasury's network.