The U.S. Treasury Department's computers and documents were confirmed to have been compromised by Chinese state-backed advanced persistent threat hackers in an attack targeting its BeyondTrust Remote Support software-as-a-service instance, just over a week after the BeyondTrust breach was initially reported, BleepingComputer reports.
The attacks by the Chinese threat actors involved the exploitation of an exfiltrated Remote Support API key, as well as a pair of zero-days tracked as CVE-2024-12356 and CVE-2024-12686, to facilitate Remote Support hijacking, according to BeyondTrust, which also proceeded to take down all affected instances.
BeyondTrust's shutdown of impacted Remote Support implementations has already removed Chinese hackers' access to the Treasury Department's computers, said the department in a letter to lawmakers, which noted a probe into the incident conducted alongside the Cybersecurity and Infrastructure Security Agency and the FBI.
Such a development comes as Chinese state-sponsored threat operation Salt Typhoon was confirmed to have targeted nine U.S. telecommunications firms as part of a widespread cyberespionage campaign.