US Treasury Department Admits It Got Hacked by China

“I can’t believe we’re going to see a command injection vulnerability in a product in 2024, a secure remote access product that’s supposed to be over-verified for use by the US government,” said Jake Williams, vice president of research and development at the cybersecurity consultancy Hunter Strategy and a former NSA hacker. “These are some of the easiest bugs to detect and remediate at the moment.”

BeyondTrust is a recognized “Federal Risk and Authorization Management Program” (FedRAMP) vendor, but Williams speculated that it’s possible Treasury is using a non-FedRAMP version of the company’s Remote Support and Privileged Remote Access cloud products. If the breach did indeed affect FedRAMP-certified cloud infrastructure, though, Williams said, “this could be one of the first breaches and almost certainly the first time FedRAMP cloud tools were misused to facilitate remote access to customer systems.”

The breach comes as US officials are scrambling to deal with a massive espionage campaign in which US telecoms have been compromised, which has been blamed on a China-backed hacking group known as Salt Typhoon. White House officials told reporters on Friday that Salt Typhoon disrupted nine US telecoms.

“We won’t leave our homes, our offices, unlocked, and yet our critical infrastructure—the private companies that own and operate our critical infrastructure—often lack basic cybersecurity practices that will make our infrastructure vulnerable, expensive and difficult for countries and criminals to attack,” Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said Friday.

Treasury, CISA and FBI officials did not respond to WIRED’s questions about whether the actor in the Treasury breach was specifically Salt Typhoon. Treasury officials have publicly told Congress they will provide more information about the incident in the department’s mandatory 30-day supplemental notification report. As details continue to emerge, Hunter Strategy’s Williams said the scale and scope of the breach may be larger than currently appears.

“I expect the impact to be more significant than just access to a few unclassified documents,” he says.
