On December 16, 2024, BeyondTrust published both an advisory and patches for CVE-2024-12356, a critical unauthenticated remote code execution (RCE) vulnerabili…

The department notified lawmakers of the episode, which it said was linked to a state-sponsored actor in China.
In a letter informing lawmakers of the episode, the Treasury Department said that it had been notified on Dec. 8 by a third-party software service company, BeyondTrust, that the hacker had obtained a security key that allowed it to remotely gain access to certain Treasury workstations and documents on them

Treasury officials attributed the December theft of unclassified documents to China.

The Treasury said it was notified on December 8 by BeyondTrust, a company that provides identity access and remote support tech for large organizations and government departments, that hackers had “gained access to a key used by the vendor” for providing remote access technical support to Treasury employees. BeyondTrust disclosed the incident at the time, but did not say how the key was obtained.

BeyondTrust identified a security incident that involved a limited number of Remote Support SaaS customers. On December 5th, 2024, a root cause analysis into a Remote Support SaaS issue identified an API key for Remote Support SaaS had been compromised. BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers.
12/12/24 While the security incident forensics investigation remains ongoing, there are no material updates to provide at this time. We continue to pursue all possible paths as part of the forensic analysis, with the assistance of external forensic parties, to ensure we conduct as thorough an investigation as possible. We continue to communicate, and work closely with, all known affected customers. We will continue to provide updates here until our investigation is concluded.