US Treasury Department Breached via Exploited Remote Support Platform

by Justin Erickson

The U.S. Treasury Department has confirmed a cybersecurity breach involving a remote support platform, allegedly exploited by a China state-sponsored Advanced Persistent Threat (APT) actor. The attacker leveraged vulnerabilities in the BeyondTrust Remote Support software to gain unauthorized access to the clients’ information using the platform, which included the Treasury’s systems. Security researchers noted that the attacker exploited a stolen API key in the platform to bypass authentication controls. Officials have stated that the intrusion was quickly detected, all compromised instances were shut down, and the API key was revoked. Two zero-days were also discovered in connection to this breach – CVE-2024-12686 and CVE-2024-12356.