jsr on Nostr: NEW: #China gov hackers breached #TreasuryDept Not a ton of clarity on what was taken ...
NEW: #China gov hackers breached #TreasuryDept
Not a ton of clarity on what was taken yet.
Sounds like it went like this:
STEP 1: Targeted Treasury security vendor #BeyondTrust
STEP 2: Stole BT's key for support platform
STEP 3: tech support platform becomes backdoor on #Treasury machines
Ouch.
Analogy-ish: burglar breaks into plumber's office & steals master keys to the buildings they service...
Given BeyondTrust's big client list, presumably with many juicy targets for the #PRC, it makes you wonder who else may have been targeted.
Talented reporting crew of Raphael Satter & AJ Vicens point to a recent posting by BeyondTrust about an incident that identified a series of vulnerabilities in their remote support tools.
Sure sounds like this is it...
Tom Hegel rightly points out the longstanding pattern of hackers from #China targeting trusted 3rd party platforms (hello cybersecurity, identity & authentication vendors!) to go after big targets.
Pulling back a bit, this is a good reminder that #cybersecurity for most institutions today is heavy with services from 3rd party vendors.
Which means a complex layer of threat for defenders who also have to worry about the first order problems the #infosec vendor products seek to address...
Good times for the gov-backed #hacker class.
Reuters: https://www.reuters.com/technology/cybersecurity/us-treasurys-workstations-hacked-cyberattack-by-china-afp-reports-2024-12-30/
Beyond Trust: https://www.beyondtrust.com/remote-support-saas-service-security-investigation
Published at 2024-12-31 00:01:09
Event JSON
{
"id": "3d38b7fc592179ac14e69c45a0858950cfdf11398800a3784e332380e130250e",
"pubkey": "609f186ca023d658c0fe019570472f59565c8be1dc163b1541fac9d90aa4e8af",
"created_at": 1735603269,
"kind": 1,
"tags": [
[
"t",
"China"
],
[
"t",
"TreasuryDept"
],
[
"t",
"BeyondTrust"
],
[
"t",
"Treasury"
],
[
"t",
"PRC"
],
[
"t",
"China"
],
[
"t",
"cybersecurity"
],
[
"t",
"infosec"
],
[
"t",
"hacker"
],
[
"r",
"wss://nostr-pub.wellorder.net/"
]
],
"content": "NEW: #China gov hackers breached #TreasuryDept\n\nNot a ton of clarity on what was taken yet.\n\nSounds like it went like this:\n\nSTEP 1:Targeted Treasury security vendor #BeyondTrust\nSTEP 2: Stole BT's key for support platform\nSTEP3: tech support platform becomes backdoor on #Treasury machines\n\nOuch.\n\n https://m.primal.net/NLzO.png \n\nAnalogy-ish: burglar breaks into plumber's office \u0026 steals master keys to the buildings they service...\n\nGiven BeyondTrust's big client list, presumably with many juicy targets for the #PRC it makes you wonder who else may have been targeted.\n\n https://m.primal.net/NLzP.png \n\nTalented reporting crew of Raphael Satter \u0026 AJ Vicens point to a recent posting by BeyondTrust about an incident that identified a series of vulnerabilities in their remote support tools.\n https://m.primal.net/NLzW.png \n\nSure sounds like this is it...\n\n https://m.primal.net/NLzc.png \n\nTom Hegel rightly points out the longstanding pattern of hackers from #China targeting trusted 3rd party platforms (hello cybersecurity, identity \u0026 authentication vendors!) to go after big targets.\n\n https://m.primal.net/NLzY.png \n\nPulling back a bit, this is a good reminder that #cybersecurity for most institutions today is heavy with services from 3rd party vendors.\n\nWhich means a complex layer of threat for defenders who also have to worry about the first order problems the #infosec vendor products seek to address...\n\nGood times for the gov-backed #hacker class.\n\nReuters: https://www.reuters.com/technology/cybersecurity/us-treasurys-workstations-hacked-cyberattack-by-china-afp-reports-2024-12-30/\n\nBeyond Trust: https://www.beyondtrust.com/remote-support-saas-service-security-investigation",
"sig": "a008bb59eee5ca947cbb21be69f734bc19667ddc0cbf5df2e6b1d7cbda556f32b861345cdee69435bcf77979538f668978c38a837a089aa20dcb60924123e3b1"
}