US Treasury incident a clear warning on supply chain security in 2025

A significant state-sponsored cyber incident targeted the United States Department of the Treasury in the weeks leading up to Christmas 2024. The attack is believed to have originated from a compromise at a third-party tech support supplier, highlighting how vulnerable the technology supply chain is for IT firms and their clients.

The cyber attack was reportedly carried out by a China-backed advanced persistent threat (APT) actor and focused on the Office of Foreign Assets Control (OFAC) within the Treasury. OFAC plays a crucial role in enforcing foreign sanctions, making it an appealing target for threat actors.

In a letter to Senators Sherrod Brown and Tim Scott, Treasury assistant secretary Aditi Hardikar confirmed that a third-party software services provider, BeyondTrust, had been compromised on December 8, 2024. The APT gained access to a key used to secure a cloud-based remote tech support service, allowing them to breach Treasury user workstations and access certain documents.

Collaborating with agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, Treasury attributed the incident to a China state-sponsored APT actor. BeyondTrust addressed the vulnerabilities and revoked the compromised key to prevent further access to Treasury information.

Despite the allegations, Chinese authorities denied involvement in the cyber attack, dismissing them as part of a smear campaign. BeyondTrust, a US-based supplier specializing in privileged identity management and remote access services, identified and patched vulnerabilities within its products following the incident.

Security supply chain still a big issue in 2025

With this incident, BeyondTrust unfortunately becomes the latest in a long line of cyber security specialists to find themselves making headlines after the compromise of products and solutions designed to keep end-users safe.

Avishai Avivi, CISO at SafeBreach, a supplier of breach and attack simulation tools, explained how the breach likely unfolded. “BeyondTrust, unironically, provides a secure method for IT support personnel to provide remote support to end users,” he said. “This method involves establishing a trusted connection between the support person and the end-user.

“This trusted connection punches through traditional perimeter security controls and gives the support person full access and control over the end-user workstation. Once inside, the support person can send documents back over that secure channel or masquerade as the end-user and send the same documents directly.

“The security controls protecting the US Treasury network have no way of knowing something nefarious is happening, as the trusted connection is, well, trusted.

“Was there something that the US Treasury could have done to prevent this? The sad answer appears to be yes. Again, referring to the technical information BeyondTrust provided, the system administrators at the US Treasury, or the vendor likely to provide support services, failed to configure trusted locations from which the support agents could connect. We refer to this as IP whitelisting [allowlisting].

“This failure is a critical risk with any such service [and] the same issue led to notable breaches in 2023 and 2024. This oversight is why we urge all service vendors, especially trusted ICT vendors, to follow the CISA Secure-by-Default guidance.”
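The control Avivi describes is a "trusted locations" allowlist: remote-support sessions should only be accepted from networks the organisation has pre-approved. The following added example (not code from the article, BeyondTrust or SafeBreach) shows the defender-side check that such a configuration gap makes impossible: it parses constructed session log lines and flags every session whose source address falls outside the allowlisted networks. The log format, field names and network ranges are all assumptions.

```python
"""Flag remote-support sessions whose source address is outside the allowlist."""
import ipaddress

# Constructed allowlist of "trusted locations" (assumed vendor support egress
# range and an internal jump-host range); real values come from the product config.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),   # assumed vendor support egress
    ipaddress.ip_network("10.20.0.0/16"),     # assumed internal jump hosts
]

# Constructed sample session log: "<timestamp> <agent> <source_ip> <target>"
SAMPLE_LOG = """\
2024-12-08T10:12:31Z agent01 203.0.113.45 ws-0142
2024-12-08T10:15:02Z agent07 198.51.100.9 ws-0077
2024-12-08T10:20:44Z agent02 10.20.4.18 ws-0310
2024-12-08T11:03:19Z agent01 2001:db8::1 ws-0142
"""


def is_trusted(source: str, networks=TRUSTED_NETWORKS) -> bool:
    """True if the source address lies inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False  # an unparsable address is never trusted
    # Version mismatch (IPv6 address vs IPv4 network) yields False, not an error.
    return any(addr in net for net in networks)


def untrusted_sessions(log: str, networks=TRUSTED_NETWORKS) -> list:
    """Return the sessions that did not originate from a trusted location.

    An empty allowlist models the configuration gap in the article: with no
    trusted locations defined, every session is reported as untrusted.
    """
    findings = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than failing the whole run
        ts, agent, source, target = parts
        if not is_trusted(source, networks):
            findings.append({"time": ts, "agent": agent, "source": source, "target": target})
    return findings


if __name__ == "__main__":
    for f in untrusted_sessions(SAMPLE_LOG):
        print(f"ALERT {f['time']} {f['agent']} from {f['source']} -> {f['target']}")
```

Run against the constructed log, the two sessions from 198.51.100.9 and 2001:db8::1 are flagged; with an empty allowlist all four are, which is the state the Treasury deployment was reportedly in.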
