BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key

Summary: BeyondTrust has completed an investigation into a cybersecurity incident affecting its Remote Support SaaS instances, revealing unauthorized access via a compromised API key. The breach, which involved 17 customers, was attributed to a zero-day vulnerability in a third-party application that was used to gain access to BeyondTrust’s AWS account. The U.S. Treasury Department has been identified as one of the affected parties, and the incidents have been tied to the China-linked hacking group Silk Typhoon.

Affected: BeyondTrust and its Remote Support SaaS customers, including the U.S. Treasury Department

Key points:

  • Compromised API key led to unauthorized access and password resets for 17 Remote Support customers.
  • CVE-2024-12356 and CVE-2024-12686 added to CISA’s Known Exploited Vulnerabilities catalog.
  • Incident attributed to the Silk Typhoon hacking group, with sanctions placed on an individual linked to the breach.

Source: https://thehackernews.com/2025/02/beyondtrust-zero-day-breach-exposes-17.html