![BeyondTrust breach](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWos5OunkTbvZAd89r_CSK8cWVYzq9otQJ6mUuh_1in_aUEcaSyoLruC_ItP6rB6S9iZEK2Wp9ROpVeoBhO9rmYtBPrw9euK-sC3YPg0fatZQiITtrb7z5FBXHjBSOO6gaMLggAVbT7q6fVJXSnOiZ9TUbSVjZQMkoIGAVUsF2fgtiJ1IlhBJi0ecHVnCF/s728-rw-e365/beyondTrust-breach.png)
BeyondTrust has revealed that its investigation into a recent cyber security incident found that some of the company's Remote Support SaaS instances were breached using a compromised API key.
The company stated that the breach affected 17 Remote Support SaaS customers, and that the API key was used to reset local application passwords in order to gain unauthorized access. The breach was first flagged on December 5, 2024.
"In the investigation, it was determined that a zero-day vulnerability in a third-party application was used to gain access to an online asset in a BeyondTrust AWS account," the company said this week.
"With access to that asset, the threat actor could obtain an infrastructure API key and use it against a separate AWS account that operates Remote Support infrastructure."
The U.S. access management company did not name the third-party application that was exploited to obtain the API key, but it said the investigation uncovered flaws (CVE-2024-12356 and CVE-2024-12686) affecting two different products.
Since then, BeyondTrust has revoked the compromised API key, suspended all affected customer instances, and provided alternative Remote Support SaaS instances.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-12356 and CVE-2024-12686 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. It is worth noting that the exact details of the malicious activity are currently unknown.
The development comes as the U.S. Treasury Department has stated that it is one of the affected parties. No other federal agencies have been assessed as affected.
The attack has been attributed to a China-linked hacking group called Silk Typhoon (formerly Hafnium), which is suspected of breaching the Treasury Department's office network. The Treasury has imposed sanctions on a cyber actor named Yin Kecheng.