Summary: CISA has identified a command injection vulnerability in BeyondTrust’s software as actively exploited, prompting U.S. federal agencies to secure their networks. The vulnerabilities were discovered following a breach that allowed attackers to steal an API key, leading to further compromises linked to the Chinese state-backed hacking group Silk Typhoon.
Threat Actor: Silk Typhoon
Victim: U.S. Treasury Department
Key Points:
- CISA has tagged the CVE-2024-12686 and CVE-2024-12356 vulnerabilities in BeyondTrust’s software as actively exploited.
- Silk Typhoon is linked to the breach of the U.S. Treasury Department, utilizing a stolen API key from BeyondTrust.
- BeyondTrust has issued security patches, but self-hosted instances require manual updates.