Chinese APT groups attacked US systems through API vulnerabilities

31 December 2024 | Author: Newsman

BeyondTrust has notified the US Treasury Department that cybercriminals have gained access to API keys used to secure cloud services that provide technical support. Stolen keys allowed cybercriminals to bypass security measures and gain remote access to employee workstations.

BeyondTrust temporarily disabled the service, but no evidence of continued access to the system was found. BeyondTrust also discovered two critical vulnerabilities: CVE-2024-12356 (CVSS 9.8) and CVE-2024-12686 (CVSS 6.6). One of these vulnerabilities has already been used in a real attack, as evidenced by CISA’s Known Exploited Vulnerabilities (KEV) catalog.

BeyondTrust reported a breach of its systems earlier this month. Attackers used access to API keys to reset passwords and gain control of SaaS accounts. This incident once again highlights the importance of API security controls and sound cybersecurity practices.

The incident highlights the need to improve the cybersecurity of cloud services: organizations should reconsider the use of API keys as the only authentication method and implement a multi-layered security model.
