“I cannot believe that we will see command injection vulnerabilities in 2024 in any product, let alone a secure remote access product that must have additional verification for use by the US government,” says Jake Williams, vice president of research and development at cybersecurity consultancy Hunter Strategy and a former NSA hacker. “These are some of the easiest bugs to identify and fix at this point.”
BeyondTrust is an accredited vendor of the “Federal Risk and Authorization Management Program,” but Williams speculates that it’s possible the Treasury is using a non-FedRAMP version of the company’s Remote Support and Privileged Remote Access cloud products. If the breach actually affected FedRAMP-certified cloud infrastructure, however, Williams says, “it could be the first breach of one and almost certainly the first time FedRAMP cloud tools have been abused to facilitate remote access to customer systems”.
The breach comes as US officials have been scrambling to tackle a massive espionage campaign that compromised US telecommunications companies and has been attributed to the China-backed hacking group called Salt Typhoon. White House officials told reporters Friday that Salt Typhoon breached nine American telecommunications companies.
“We will not leave our homes, our offices, unlocked and even our critical infrastructure – the private companies that own and operate our critical infrastructure – often do not have the basic cybersecurity practices in place that would make our infrastructure riskier, more costly and harder for countries and criminals to attack,” Anne Neuberger, deputy national security adviser for cyber and emerging technology, said on Friday.
Treasury, CISA and FBI officials did not respond to WIRED’s questions about whether the actor who breached Treasury was specifically Salt Typhoon. Treasury officials said in the disclosure to Congress that they would provide more details of the incident in the additional 30-day notification report sent by the Department. As details continue to emerge, Hunter Strategy’s Williams says the scale and scope of the breach may be even greater than it currently appears.
“I expect the impact to be more significant than access to a few unclassified documents,” he says.