NEW: #China gov hackers breached #TreasuryDept

Not a ton of clarity on what was taken yet.

Sounds like it went like this:

STEP 1: Targeted Treasury's security vendor #BeyondTrust

STEP 2: Stole BT's API key for its remote support platform

STEP 3: Used that remote support platform as a backdoor onto #Treasury workstations

Ouch.

Analogy-ish: a burglar breaks into a plumber's office & steals the master keys to the buildings they service...

Given BeyondTrust's big client list, presumably with many juicy targets for the #PRC, it makes you wonder who else may have been targeted.

Talented reporting crew of Raphael Satter & AJ Vicens point to a recent posting by BeyondTrust about an incident involving its Remote Support SaaS, and to a series of vulnerabilities identified in its remote support tools as part of that investigation.

Sure sounds like this is it...

Tom Hegel rightly points out the longstanding pattern of hackers from #China targeting trusted 3rd party platforms (hello cybersecurity, identity & authentication vendors!) to go after big targets.

Pulling back a bit, this is a good reminder that #cybersecurity for most institutions today leans heavily on services from 3rd party vendors.

Which means an added layer of threat for defenders, who also have to worry about the first-order problems the #infosec vendor products seek to address...

Good times for the gov-backed #hacker class.

Reuters: https://www.reuters.com/technology/cybersecurity/us-treasurys-workstations-hacked-cyberattack-by-china-afp-reports-2024-12-30/

Beyond Trust: https://www.beyondtrust.com/remote-support-saas-service-security-investigation

Discussion

A good reminder that you can provide the tools and the education, but you don't outsource your security... you take responsibility for it and keep learning to self implement. I know this is oversimplified, but Bitcoin is teaching us how we can learn to do this.