“I can’t believe we’re seeing command injection vulnerabilities in 2024 in any product, let alone a secure remote access product that’s supposed to undergo additional vetting for use by the U.S. government,” says Jake Williams, vice president of research and development at the cybersecurity consulting firm Hunter Strategy and a former NSA hacker. “It is one of the easiest errors to identify and address at this stage.”
BeyondTrust is an authorized Federal Risk and Authorization Management Program (FedRAMP) vendor, but Williams speculates that it’s possible the Treasury Department was using a non-FedRAMP version of the company’s cloud products for remote support and privileged remote access. If the breach actually affects FedRAMP-certified cloud infrastructure, Williams says, “This could be the first breach of one and almost certainly the first time FedRAMP cloud tools have been abused to facilitate remote access to customer systems.”
The breach comes as US officials are scrambling to confront a massive espionage campaign compromising US communications, which has been attributed to the Chinese-backed hacking group known as Salt Typhoon. White House officials told reporters on Friday that Salt Typhoon breached nine US communications companies.
“We will not leave our homes and offices open, yet our critical infrastructure — the private companies that own and operate our critical infrastructure — often do not have basic cybersecurity practices in place that can make our infrastructure more risky, more expensive, and more difficult to operate,” said Anne Neuberger, deputy national security adviser for cyber and emerging technology, on Friday.
Treasury, CISA, and FBI officials did not respond to WIRED’s questions about whether the actor who hacked the Treasury Department was specifically Salt Typhoon. Treasury officials said in the disclosure to Congress that they would provide more details about the incident in the department’s 30-day supplemental notification report. As details continue to emerge, Hunter Strategy’s Williams says the size and scope of the breach may be larger than it currently appears.
“I expect the impact will be more significant than just access to a few unclassified documents,” he says.