Seventeen organizations using BeyondTrust's Remote Support software-as-a-service instances were infiltrated following a cyberattack in early December that exploited a breached API key and has been associated with the Chinese state-sponsored threat operation Salt Typhoon, reports The Hacker News.
According to BeyondTrust's investigation, the attackers used a zero-day in a third-party app to compromise a BeyondTrust AWS account asset, then exploited that asset to obtain an infrastructure API key, which was in turn used to control another AWS account that manages Remote Support infrastructure. The investigation emphasized that the API key has been revoked and all impacted Remote Support instances suspended. BeyondTrust also noted that its probe uncovered a pair of security bugs that have since been added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog. The development comes after the BeyondTrust breach was confirmed to have impacted the U.S. Treasury Department, which has since sanctioned Salt Typhoon-linked Yin Kecheng for his purported role in the incident.