jsr on Nostr: NEW: #China gov hackers breached #TreasuryDept Not a ton of clarity on what was taken ...
NEW: #China gov hackers breached #TreasuryDept
Not a ton of clarity on what was taken yet.
Sounds like it went like this:
STEP 1: Targeted Treasury security vendor #BeyondTrust
STEP 2: Stole BT's key for support platform
STEP 3: tech support platform becomes backdoor on #Treasury machines
Ouch.
Analogy-ish: burglar breaks into plumber's office & steals master keys to the buildings they service...
Given BeyondTrust's big client list, presumably with many juicy targets for the #PRC, it makes you wonder who else may have been targeted.
Talented reporting crew of Raphael Satter & AJ Vicens point to a recent posting by BeyondTrust about an incident that identified a series of vulnerabilities in their remote support tools.
Sure sounds like this is it...
Tom Hegel rightly points out the longstanding pattern of hackers from #China targeting trusted 3rd party platforms (hello cybersecurity, identity & authentication vendors!) to go after big targets.
Pulling back a bit, this is a good reminder that #cybersecurity for most institutions today is heavy with services from 3rd party vendors.
Which means a complex layer of threat for defenders who also have to worry about the first order problems the #infosec vendor products seek to address...
Good times for the gov-backed #hacker class.
Reuters: https://www.reuters.com/technology/cybersecurity/us-treasurys-workstations-hacked-cyberattack-by-china-afp-reports-2024-12-30/
Beyond Trust: https://www.beyondtrust.com/remote-support-saas-service-security-investigation