CISA: Third-Party Data Breach Limited to Treasury Dept.

The breach was carried out just last week by exploiting CVE-2024-12356 in software from cybersecurity company BeyondTrust.

Kristina Beek, Associate Editor, Dark Reading

January 7, 2025

The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the third-party breach that affected the US Treasury Department at the hands of Chinese threat actors was limited to just that agency.

"CISA is working closely with the Treasury Department and BeyondTrust to understand and mitigate the impacts of the recent cybersecurity incident," CISA stated in a brief bulletin. "At this time, there is no indication that any other federal agencies have been impacted by this incident."

The department alerted lawmakers on Dec. 30 to the intrusion, noting that cyber threat actors were able to compromise systems and steal data from workstations.

The adversaries broke into the Treasury Department by exploiting a bug in BeyondTrust, a vendor that offers software-as-a-service (SaaS)-based cybersecurity, and gained access to a remote key that secured a cloud-based service providing technical support to Treasury Department Offices' (DO) end users. From there, they were able to override security and remotely access Treasury DO workstations.

As CISA continues to monitor the situation, it reports that it is "working aggressively to safeguard against any further impacts and will provide updates, as appropriate."

BeyondTrust updated its statement on the incident yesterday, stating that its forensic investigation is nearly complete, all SaaS instances of BeyondTrust Remote Support have been fully patched, and no new victims have been identified other than those previously communicated.


