
Chinese State-Sponsored Threat Actors Breach U.S. Treasury Department in Major Cybersecurity Incident

| Category | Details |
|---|---|
| Threat Actors | Chinese state-sponsored APT group (potentially Salt Typhoon). |
| Campaign Overview | Breach of the U.S. Treasury Department using vulnerabilities in third-party remote support services. |
| Target Regions (or Victims) | U.S. Treasury Department, with implications for other U.S. agencies and critical infrastructure. |
| Methodology | Exploited a stolen API key; leveraged two zero-day vulnerabilities in BeyondTrust’s Remote Support SaaS platform. |
| Product Targeted | U.S. Treasury systems and sensitive data. |
| Malware Reference | None explicitly mentioned; attack methods focused on API key and zero-day exploitation. |
| Tools Used | Zero-day vulnerabilities: CVE-2024-12356, CVE-2024-12686; API key exploitation. |
| Vulnerabilities Exploited | Zero-day vulnerabilities in third-party vendor services. |
| TTPs | Exploitation of third-party services; use of stolen API keys; targeting of trusted supply chain systems. |
| Attribution | Attributed to Chinese state-sponsored APT groups; embassy denies involvement. |
| Recommendations | Monitor third-party service security; regularly revoke unused API keys; use real-time vulnerability intelligence tools like SOCRadar. |
| Source | SOCRadar |
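The recommendation to regularly revoke unused API keys is easy to state and easy to neglect, because "unused" is only visible if last-use data is tracked. The following is an added example (not code from SOCRadar, BeyondTrust or the source article) of a small stale-key audit: it walks a constructed key inventory with hypothetical key IDs and owners, flags keys idle longer than a threshold and keys that were issued but never used after a grace period, and returns the revocation candidates so they can be fed into a ticketing or revocation workflow.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple


@dataclass
class ApiKey:
    """One record from an API key inventory (hypothetical fields)."""
    key_id: str
    owner: str
    created_at: datetime
    last_used_at: Optional[datetime]  # None when no use has ever been recorded


# Constructed sample inventory; key ids, owners and dates are made up.
NOW = datetime(2024, 12, 31, tzinfo=timezone.utc)
INVENTORY: List[ApiKey] = [
    ApiKey("key-0001", "support-integration", NOW - timedelta(days=400), NOW - timedelta(days=2)),
    ApiKey("key-0002", "legacy-reporting", NOW - timedelta(days=300), NOW - timedelta(days=120)),
    ApiKey("key-0003", "test-tenant", NOW - timedelta(days=200), None),
    ApiKey("key-0004", "new-automation", NOW - timedelta(days=5), None),
]


def find_stale_keys(
    inventory: List[ApiKey],
    now: datetime,
    max_idle_days: int = 30,
    grace_days: int = 14,
) -> List[Tuple[str, str]]:
    """Return (key_id, reason) for every key that should be revoked.

    A key is stale when it has not been used for more than max_idle_days,
    or when it was created more than grace_days ago and has never been used.
    Keys are returned in inventory order so the output is deterministic.
    """
    stale: List[Tuple[str, str]] = []
    for key in inventory:
        if key.last_used_at is None:
            if now - key.created_at > timedelta(days=grace_days):
                stale.append((key.key_id, "never used"))
        elif now - key.last_used_at > timedelta(days=max_idle_days):
            idle_days = (now - key.last_used_at).days
            stale.append((key.key_id, f"idle {idle_days} days"))
    return stale


if __name__ == "__main__":
    for key_id, reason in find_stale_keys(INVENTORY, NOW):
        print(f"revoke {key_id}: {reason}")
```

Running the script lists key-0002 (idle 120 days) and key-0003 (never used) as revocation candidates; key-0004 is left alone because it is still inside the grace period. In practice the inventory would come from the vendor's key management API or an internal secrets register, and the thresholds should match the organisation's access-review cadence.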

Read full article: https://socradar.io/chinese-state-threat-actors-breach-us-treasury/

The above summary has been generated by an AI language model


Source: SOCRadar

Published on: December 31, 2024
