
Chinese APT Exploits API Key to Access U.S. Treasury Systems

 


“On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key … to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users,” the department said in a letter informing the Senate Committee on Banking, Housing, and Urban Affairs.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”

The U.S. Treasury Department revealed it suffered a “major cybersecurity incident.” The incident took place in early December 2024 after the threat actors gained access to a Remote Support SaaS API key associated with BeyondTrust, which allowed them to reset passwords for local application accounts.

BeyondTrust has not disclosed how the key was obtained but said the API key has since been revoked and that impacted customers have been notified. The latest disclosure comes at a time when the U.S. is already battling cyber attacks from other Chinese hacking groups tracked as Volt Typhoon and Salt Typhoon, both of which have targeted critical infrastructure and telecom networks in the country. According to the Wall Street Journal, the telecom-related hacks are so “severe” that “the U.S. may never be able to say with certainty that the Chinese hackers have been fully rooted out.” Other targets of the Salt Typhoon hacks included Charter Communications, Consolidated Communications, and Windstream.

“In the telecom attacks, the hackers exploited unpatched network devices from security vendor Fortinet and compromised large network routers from Cisco Systems,” the deep-dive report said. “In at least one case, they took control of a high-level network management account that wasn’t protected by multi-factor authentication, a basic safeguard.” China has denied any involvement in these attacks, going so far as to brand Volt Typhoon a disinformation campaign.

BLUF:
These attacks show growing sophistication, but they also took advantage of complex systems that were subsequently compromised. These risks can clearly be mitigated with defensive measures, and a multi-layered defense in depth that can both see network activity and find living-off-the-land exploits is critical.

If you are a CIO, a CISO, or otherwise responsible for cyber defense, talk to us. This is in our swim lane and an area we defend on a regular basis. Critically, knowing what is in place and what is not, and being able to respond and recover, need to be part of your plan, including being aware with low latency if there is a compromise of your network and data.

Be safe out there!
