#### [Cyber-crime](/security/cyber_crime/)

US Treasury Department outs the blast radius of BeyondTrust’s key leak
======================================================================

Data pilfered as miscreants roamed affected workstations
--------------------------------------------------------

[Richard Speed](/Author/Richard-Speed) Tue 31 Dec 2024 // 15:30 UTC

The US Department of the Treasury has admitted that miscreants were in its systems, accessing documents in what has been called a ‘major incident.’

A letter [shared by Reuters](https://legacy.www.documentcloud.org/documents/25472740-letter-to-chairman-brown-and-ranking-member-scott/) with the Chairman of the Committee on Banking, Housing, and Urban Affairs described the sequence of events. On December 8, the Treasury was notified by BeyondTrust that a key used for remote technical support had been pilfered, meaning that a threat actor could access some Departmental Office workstations and unclassified files.

Agencies including the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have been working with the Treasury to understand the incident. Third-party forensic investigators have also been called in.

According to the Treasury, ‘Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor.’

*The Register* contacted China’s Ministry of Foreign Affairs to get its take, but we have not received a response.

The BeyondTrust incident was [reported](https://www.theregister.com/2024/12/15/prometheus_servers_exporters_exposed/) by *The Register* earlier this month and involved the compromise of an API key for its Remote Support SaaS product. The key was swiftly revoked, but there were at least a few days in which attackers could have roamed around affected systems.

According to the Treasury Department, ‘The compromised BeyondTrust service has been taken offline and at this time there is no evidence indicating the threat actor has continued access to Treasury information.’

*The Register* asked the Department of the Treasury for more information on what had been accessed, but we have yet to receive a response.

In its letter, the organization said a more detailed report would be forthcoming in 30 days, and ‘In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident.’

The US Department of the Treasury’s admission gives an insight into what a vendor’s SaaS incident can mean for customers. During its [investigation](https://www.beyondtrust.com/remote-support-saas-service-security-investigation), BeyondTrust has identified vulnerabilities and pushed out patches for self-hosted versions of its software. For its cloud customers, it performed an update ‘fortifying the security of their solution overall.’

[Writing on Mastodon](https://cyberplace.social/@GossiTheDog/113743931915220079), cyber security researcher Kevin Beaumont had a warning for Software-as-a-Service users:

‘One thing every org needs to start to plan for: SaaS provider breaches. What’s your playbook for when your SaaS provider gets breached?

‘In the case of BeyondTrust, they released some CVEs and patches for the on prem software — but didn’t say much of anything about their SaaS platform.

‘The US Gov just outed them for the customer impact side.’

Notably, BeyondTrust has confirmed in its [advisory](https://www.beyondtrust.com/remote-support-saas-service-security-investigation) that ‘all cloud instances have been patched for this vulnerability’ by mid-December.

The outfit added, ‘We continue to communicate, and work closely with, all known affected customers.’ ®