US Treasury Department Admits It Got Hacked by China

MT HANNACH

“I can’t believe we’re seeing command injection vulnerabilities in 2024 in a product, let alone a secure remote access product that is supposed to have additional controls for use by the US government,” says Jake Williams, vice president of research and development at cybersecurity consultancy Hunter Strategy and a former NSA hacker. “These are some of the easiest bugs to identify and fix at this stage.”

BeyondTrust is an accredited “Federal Risk and Authorization Management Program” vendor, but Williams speculates that Treasury may have been using a non-FedRAMP version of the company's preferred remote assistance and remote access cloud products. If the breach actually affected FedRAMP-certified cloud infrastructure, Williams says, “this would be perhaps the first breach and almost certainly the first time that FedRAMP cloud tools were abused to facilitate remote access to systems of a customer.”

This breach comes as US officials struggle to confront a massive espionage campaign compromising US telecoms that has been attributed to the China-backed hacking group known as Salt Typhoon. White House officials told reporters on Friday that Salt Typhoon breached nine US telecoms.

“We would not leave our homes and offices unlocked and yet our critical infrastructure (the private companies that own and operate our critical infrastructure) often do not have in place the basic cybersecurity practices that would make our infrastructure more secure. risky, more expensive and more difficult. so countries and criminals can attack,” Anne Neuberger, deputy national security adviser for cybersecurity and emerging technologies, said Friday.

Officials from Treasury, CISA and the FBI did not respond to WIRED’s questions about whether the actor who breached Treasury was specifically Salt Typhoon. Treasury officials said in the statement to Congress that they would provide more information about the incident in the department’s mandatory 30-day supplemental notification report. As details continue to emerge, Hunter Strategy’s Williams says the scale and scope of the breach could be even greater than it currently appears.

“I expect the impact to be greater than access to a few unclassified documents,” he says.
