BeyondTrust Vulnerability Exploited in U.S. Treasury Breach
Reportedly China-sponsored cybercriminals accessed Treasury workstations.
Threat actors victimized identity security provider BeyondTrust and subsequently the U.S. Treasury Department in the latest supply chain attack.
The Treasury Department on Monday wrote to the U.S. Senate disclosing the hack. According to the letter, the department found out on Dec. 8 that the threat actor had obtained a key used for BeyondTrust's remote support services for the department. The attacker bypassed BeyondTrust's security and accessed certain user workstations. Moreover, the group accessed unclassified documents.
Aditi Hardikar, the Treasury's assistant secretary for management, said the threat actors don't currently have access to the workstations or Treasury information. She added that BeyondTrust has taken its compromised service offline. Hardikar said the perpetrator appeared to be a "Chinese state-sponsored Advanced Persistent Threat (APT) actor."
How BeyondTrust Fits into U.S. Treasury Hack
Media reports link this news to a security incident that BeyondTrust learned of Dec. 5. The affected service in that case is Remote Support SaaS. The incident took place Dec. 2, according to BeyondTrust.
"A thorough investigation into the cause and impact of the compromise is underway with a recognized third-party cybersecurity and forensics firm. Our initial investigation has found that no BeyondTrust products outside of Remote Support SaaS are impacted," the company wrote in a blog post, last updated Dec. 18.
BeyondTrust said Dec. 16 that a "medium-severity vulnerability" had impacted self-hosted and cloud-based Remote Support and Privileged Remote Access products. BeyondTrust has released patches for the vulnerability.
IT-related supply chain attacks picked up in 2024. Building off the impact of the 2020 SolarWinds attack, state-sponsored hacking groups have been using the platforms of IT and telecom providers as back doors into businesses and governments. Most recently, the Salt Typhoon attack breached telcos to intercept customer call information and conduct espionage.