Summary: In December 2024, attackers breached BeyondTrust's Remote Support SaaS by chaining a command-injection flaw in the product (CVE-2024-12356) with a then-unknown SQL-injection bug in PostgreSQL's psql client (CVE-2025-1094), and used a stolen Remote Support API key to gain remote access to U.S. Treasury Department workstations. The intrusion has been attributed to Silk Typhoon, a Chinese state-backed group that targeted U.S. agencies involved in national security. Rapid7's analysis of the incident surfaced both vulnerabilities and found that BeyondTrust's initial patch stopped the exploitation paths tested but did not fix the underlying PostgreSQL root cause.
Affected: BeyondTrust (Remote Support SaaS), U.S. Treasury Department
Key points:
- Attackers exploited two vulnerabilities (CVE-2024-12356 in BeyondTrust Remote Support and CVE-2025-1094 in PostgreSQL, the latter unknown at the time) to compromise BeyondTrust and, from there, reach U.S. Treasury workstations and unclassified documents.
- The Treasury intrusion was attributed to Silk Typhoon, a Chinese state-backed group, which targeted offices involved in national security work.
- According to Rapid7, BeyondTrust's patch for CVE-2024-12356 blocked the exploitation scenarios tested but did not address the root cause, which lies in PostgreSQL's string-escaping functions (CVE-2025-1094); the PostgreSQL fix is required as well.
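The point about the root cause is worth seeing concretely. As publicly described, libpq's escaping routines (PQescapeLiteral and friends) measured each character's length from its lead byte and copied "multibyte" characters through verbatim, so an invalid lead byte such as 0xC0 could swallow a following single quote and deliver it unescaped; psql then reads the text after the closed literal, and a backslash meta-command at the start of a line runs client-side before anything reaches the server. The Python below is an added, simplified model of that flaw and its fix; it is not code from the article, from Rapid7, or from PostgreSQL. The function names, the toy psql-style lexer and the sample inputs are this example's own constructions, and the validation in `escape_literal_fixed` is an approximation of the real check, not a copy of it.

```python
# Added example (not from the original article): a simplified model of the
# string-escaping flaw behind CVE-2025-1094 and of the corrected behaviour.
# All names and inputs here are constructed for illustration.

def utf8_declared_len(lead: int) -> int:
    """Length a UTF-8 lead byte *claims* for its character (mblen-style table)."""
    if lead < 0x80:
        return 1
    if 0xC0 <= lead <= 0xDF:
        return 2
    if 0xE0 <= lead <= 0xEF:
        return 3
    if 0xF0 <= lead <= 0xF7:
        return 4
    return 1  # stray continuation byte or invalid byte: treated as one byte


def escape_literal_vulnerable(data: bytes) -> bytes:
    """Pre-fix behaviour: multibyte characters are copied through without
    checking that their continuation bytes are valid, so a quote hidden
    behind an invalid lead byte is never doubled."""
    out = bytearray(b"'")
    i = 0
    while i < len(data):
        n = utf8_declared_len(data[i])
        if n == 1:
            out += b"''" if data[i] == 0x27 else bytes([data[i]])
            i += 1
        else:
            out += data[i:i + n]  # trusts the lead byte; a ' in here is not doubled
            i += n
    out += b"'"
    return bytes(out)


def escape_literal_fixed(data: bytes) -> bytes:
    """Post-fix behaviour (approximated): every multibyte sequence must be
    complete and every continuation byte must lie in 0x80..0xBF; anything
    else is rejected instead of being copied through."""
    out = bytearray(b"'")
    i = 0
    while i < len(data):
        n = utf8_declared_len(data[i])
        if n == 1:
            if data[i] >= 0x80:
                raise ValueError(f"invalid byte 0x{data[i]:02x} at offset {i}")
            out += b"''" if data[i] == 0x27 else bytes([data[i]])
            i += 1
            continue
        seq = data[i:i + n]
        if len(seq) < n or any(b & 0xC0 != 0x80 for b in seq[1:]):
            raise ValueError(f"invalid multibyte sequence at offset {i}")
        out += seq
        i += n
    out += b"'"
    return bytes(out)


def escape_rejected(data: bytes) -> bool:
    """True when the fixed routine refuses the input."""
    try:
        escape_literal_fixed(data)
    except ValueError:
        return True
    return False


def split_after_literal(sql: bytes) -> tuple:
    """Byte-oriented scan like psql's lexer: '' inside a literal is an escaped
    quote, a lone ' closes it. Returns (literal, remainder)."""
    if sql[:1] != b"'":
        raise ValueError("expected a quoted literal")
    i = 1
    while i < len(sql):
        if sql[i] == 0x27:
            if i + 1 < len(sql) and sql[i + 1] == 0x27:
                i += 2
                continue
            return sql[:i + 1], sql[i + 1:]
        i += 1
    raise ValueError("unterminated literal")


def psql_would_run_metacommand(sql: bytes) -> bool:
    """True when text left over after the literal closes contains a line
    beginning with a backslash, which psql treats as a meta-command."""
    _, rest = split_after_literal(sql)
    return any(line.lstrip().startswith(b"\\") for line in rest.split(b"\n"))


if __name__ == "__main__":
    # Constructed attacker-controlled value: invalid lead byte, a quote, then
    # a new line carrying a \! shell meta-command.
    payload = b"\xc0'\n\\! id --"
    print(escape_literal_vulnerable(payload))
    print("vulnerable escaping leaks a meta-command:",
          psql_would_run_metacommand(escape_literal_vulnerable(payload)))
    print("fixed escaping rejects the input:", escape_rejected(payload))
```

The server would reject the invalid UTF-8 anyway; the problem is that psql processes the backslash line itself before the query is ever sent, which is why a client-side escaping bug becomes command execution in any tool that builds psql input from untrusted strings. The practical check for a BeyondTrust-style deployment is therefore not only the vendor patch but the PostgreSQL version shipped alongside it.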