Keys were compromised, used to exploit and control.
Around seventeen organisations have been infiltrated following the exploitation of a breached API key in BeyondTrust's Remote Support software-as-a-service.
According to The Hacker News, after leveraging a zero-day within a third-party app to compromise a BeyondTrust AWS account asset, attackers proceeded to exploit the asset to secure an infrastructure API key.
That key was then utilised to control another AWS account for managing Remote Support infrastructure, according to BeyondTrust's investigation, which emphasised the quashing of the API key and suspension of all impacted Remote Support instances.
BeyondTrust also noted that its probe resulted in the discovery of a pair of security bugs which have since been added to CISA's Known Exploited Vulnerabilities catalog. Such a development comes after the BeyondTrust breach was confirmed to have impacted the U.S. Treasury Department, which has since sanctioned Salt Typhoon-linked Yin Kecheng for his purported role in the incident.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
