“I can't believe we're seeing command injection vulnerabilities by 2024 in any product, let alone an access product,” said Jake Williams, vice president of research and development at Secure Remote is additionally vetted for use by the US government.” cybersecurity consulting firm Hunter Strategy and a former NSA hacker. “They are some of the easiest errors to identify and fix at this time.”
BeyondTrust is a recognized “Federal Risk and Authorization Management Program” provider, but Williams speculates that it is possible that Treasury is using a non-FedRAMP version of its Remote Support cloud products and Corporate Privileged Remote Access. However, Williams said, if the breach actually affected FedRAMP-certified cloud infrastructure, “it could be the first breach and almost certainly the first of cloud tools FedRAMP was abused to facilitate remote access to customer systems.”
The violation occurred when US officials were trying to solve a major espionage campaign The breach of the US telecommunications network was attributed to a Chinese-backed hacking group called Salt Typhoon. White House officials told reporters on Friday that Salt Typhoon had hit nine US telecommunications agencies.
“We won't leave our homes, our offices, unlocked, but our critical infrastructure — the private companies that own and operate our critical infrastructure — often don't.” Having basic cybersecurity practices in place makes our infrastructure riskier, more expensive, and more challenging. for nation states and criminals to attack,” Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said Friday.
Treasury, CISA and FBI officials did not respond to WIRED's questions about whether the agent of the Treasury breach was specifically Salt Typhoon. Treasury officials said in their disclosure to Congress that they would provide more information about the incident in the department's mandatory 30-day supplemental notification report. As details continue to emerge, Hunter Strategy's Williams said that the scale and scope of the breach could be even larger than what currently appears.
“I hope the impact will be more significant than just having access to some unclassified documents,” he said.