The US Treasury Department admits it was hacked by China



“I can’t believe that in 2024 we’ll see command injection vulnerabilities in any product, let alone a secure remote access product whose use is under additional scrutiny by the U.S. government,” said Jake Williams, vice president of research and development at cybersecurity consulting firm Hunter Strategy and a former NSA hacker. “They are currently one of the easiest bugs to identify and fix.”

BeyondTrust is an accredited provider of the Federal Risk and Authorization Management Program, but Williams suspects it’s possible the Treasury Department used a non-FedRAMP version of the company’s Remote Support and Privileged Remote Access cloud products. However, if the breach does indeed affect FedRAMP-certified cloud infrastructure, Williams says, “it could be the first breach of such and almost certainly the first time that FedRAMP cloud tools have been abused to allow remote access to a customer’s systems.”

The breach comes as US officials fight to combat a massive espionage campaign that compromised US telecommunications and has been attributed to the Chinese-backed hacker group Salt Typhoon. White House officials told reporters on Friday that Salt Typhoon damaged nine US telecommunications networks.

“We wouldn’t leave our homes and offices unlocked, and yet our critical infrastructure – the private companies that own and operate our critical infrastructure – often lack the basic cybersecurity practices that would make our infrastructure riskier, more costly and more difficult for countries and criminals who can attack,” Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said Friday.

Officials from the Treasury Department, CISA and FBI did not respond to WIRED’s questions about whether the perpetrator who broke into the Treasury Department was specifically Salt Typhoon. Treasury officials said in the disclosure to Congress that they would provide more information about the incident in the department’s required 30-day supplemental notification report. As more details continue to emerge, Hunter Strategy’s Williams says the scale and scope of the breach may be even larger than it currently appears.

“I expect the impact will be greater than access to just a few unclassified documents,” he says.


