“I can’t believe we’re seeing command injection vulnerabilities in 2024 in any product, much less a secure remote access product that’s supposed to have additional research for use by the US government,” says Jake Williams, vice president of research and development at cybersecurity consultancy Hunter Strategy and a former NSA hacker. “They are some of the easiest errors to identify and remedy right now.”
BeyondTrust is an accredited “Federal Risk and Authorization Management Program” provider, but Williams speculates that Treasury may have been using a non-FedRAMP version of the company’s Remote Support and Remote Privileged Access cloud products. However, if the breach did indeed affect FedRAMP-certified cloud infrastructure, Williams says, “it could be the first breach and almost certainly the first time that FedRAMP cloud tools were abused to facilitate remote access to a client’s systems.”
The breach comes as U.S. officials have struggled to address a massive spying campaign compromising U.S. telecommunications that has been blamed on the Chinese-backed hacking group known as Salt Typhoon. White House officials told reporters on Friday that Salt Typhoon affected nine US telecommunications companies.
“We would not leave our homes and offices unlocked, and yet our critical infrastructure (the private companies that own and operate our critical infrastructure) often do not have the basic cybersecurity practices that would make our infrastructure more risky, expensive, and difficult for countries and criminals to attack,” Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said Friday.
Treasury, CISA and FBI officials did not respond to WIRED’s questions about whether the actor who breached Treasury was specifically Salt Typhoon. Treasury officials said in the disclosure to Congress that they would provide more details of the incident in the Department’s required 30-day supplemental notification report. As details continue to emerge, Hunter Strategy’s Williams says the scale and scope of the breach may be even larger than it currently appears.
“I hope the impact is more significant than access to a few unclassified documents,” he says.