The US Treasury Department admits it was breached by China

“I don’t believe we see a risk of a mandated injection in 2024 for any product, let alone a secure remote access product that should have more oversight for use by the US government,” said Jake Williams, vice president of research and development at the cybersecurity consultancy Hunter Strategy and a former NSA hacker. “They are one of the easiest pests to spot and treat right now.”

BeyondTrust is an authorized vendor under the Federal Risk and Authorization Management Program (FedRAMP), but Williams speculates that the Treasury Department may have been using a non-FedRAMP version of the company’s Remote Support and Privileged Remote Access cloud products. If the breach affected FedRAMP-certified cloud infrastructure, however, Williams says, “it would be the first breach of one and probably the first time FedRAMP’s cloud tools have been compromised to facilitate remote access to customer systems.”

The breach comes as US officials have been scrambling to deal with a major espionage campaign compromising US communications, allegedly carried out by a Chinese-backed hacking group known as Salt Typhoon. White House officials told reporters Friday that Salt Typhoon had knocked out nine U.S. telephone lines.

“We wouldn’t leave our homes, our offices, unlocked but our critical infrastructure—the private companies that own and operate our critical infrastructure—often lack basic security procedures that can make our infrastructure dangerous, expensive and difficult for countries and criminals to attack,” said Anne Neuberger, deputy national security adviser for cyber and emerging technologies, on Friday.

Treasury, CISA, and FBI officials did not respond to WIRED’s questions about whether the actor who breached the Treasury Department was specifically Salt Typhoon. Treasury officials said in a congressional disclosure that they would provide more information about the incident in a report approved by the Department within 30 days. As details continue to emerge, Hunter Strategy’s Williams says the scale and scope of the breach may be greater than currently apparent.

“I expect the impact to be greater than just a few unclassified documents,” he said.

