Keys were compromised, used to exploit and control.
Around seventeen organisations have been infiltrated following the exploitation of a breached API key in BeyondTrust's Remote Support software-as-a-service.
According to The Hacker News, attackers used a zero-day in a third-party app to compromise an asset in a BeyondTrust AWS account, then exploited that asset to obtain an infrastructure API key.
That key was then used to control another AWS account that manages Remote Support infrastructure, according to BeyondTrust's investigation, which emphasised that the API key was revoked and all impacted Remote Support instances were suspended.
BeyondTrust also noted that its probe uncovered a pair of security bugs, both of which have since been added to CISA's Known Exploited Vulnerabilities catalog. The findings come after the BeyondTrust breach was confirmed to have impacted the U.S. Treasury Department, which has since sanctioned Salt Typhoon-linked Yin Kecheng for his purported role in the incident.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.