BeyondTrust December 2024 breach linked to compromised infrastructure API key

Intelligent identity and access security provider BeyondTrust has concluded its investigation into a cybersecurity incident that targeted certain instances of its Remote Support Software-as-a-Service (SaaS) platform. The breach, first spotted on December 5, 2024, involved the use of a compromised API key to gain unauthorized access to 17 customer accounts. The company has since taken steps to mitigate the impact, including revoking the compromised key and suspending affected instances.

The breach was traced back to a third-party application vulnerability that allowed a threat actor to gain access to a BeyondTrust AWS account. From there, they obtained an infrastructure API key, which was then used to reset local application passwords and access Remote Support SaaS instances. BeyondTrust said no other products outside of its Remote Support SaaS were affected by the incident.

The investigation revealed two security flaws in BeyondTrust’s own products (CVE-2024-12356 and CVE-2024-12686) that were exploited in the attack. The US Cybersecurity and Infrastructure Security Agency (CISA) has added these CVEs to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild.

The US Treasury Department confirmed it was one of the impacted entities, although no other federal agencies have been assessed to have been affected by the breach.

