BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key

Feb 01, 2025Ravie LakshmananVulnerability / Zero-Day

BeyondTrust has revealed that it has completed its investigation into a recent security incident in which a compromised API key was used to target some of the company’s Remote Support SaaS instances.

The company said that 17 Remote Support SaaS customers were affected by the breach, and that the API key was used to reset local application passwords and gain unauthorized access. The breach was first identified on December 5, 2024.

The company reported this week that a zero-day vulnerability in a third-party application was used to gain access to an online asset in a BeyondTrust AWS account.

“Accessing that asset then gave the threat actor the opportunity to obtain an infrastructure API key that could then be leveraged against a separate AWS account that ran Remote Support infrastructure.”

The American access management company said the investigation uncovered two separate vulnerabilities in its own products ( and CVE-2024-1266 ), but it did not name the application that was exploited to obtain the API key.

BeyondTrust has since removed the compromised API key, suspended all known affected customer instances, and provided those customers with alternative Remote Support SaaS instances.

It’s worth noting that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added both CVE-2024-12356 and CVE-2024-12686 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The precise details of the malicious activity are currently unknown.

The U.S. Treasury Department has said it was one of the affected parties in the incident. No other government agencies are believed to have been impacted.

The attacks have been attributed to a China-linked hacking group, Silk Typhoon (previously Hafnium), with the government sanctioning a Shanghai-based cyber actor named Yin Kecheng for his alleged involvement in the breach of the Department of Treasury’s network.
