Dive Brief:
- Weeks after BeyondTrust disclosed an attack spree against a limited number of customers, more than 8,600 internet-exposed instances of the company’s Privileged Remote Access and Remote Support products remain reachable, according to a blog post released Thursday by Censys.
- BeyondTrust in December warned that an attacker gained access to a limited number of Remote Support SaaS instances utilizing a compromised API key. This week, the U.S. Department of Treasury said a suspected state-linked attacker gained access to a number of workstations and stole unclassified information using a BeyondTrust key.
- Censys researchers, in the Thursday blog, cautioned that exposure does not mean every one of those instances is vulnerable: the firm cannot determine which ones are unpatched because it has no visibility into the software version each instance is running.
Dive Insight:
The attacks highlight the risk that government agencies and other critical sectors take on by depending on remote support tools to conduct business. BeyondTrust last year said it had more than 20,000 customers in its portfolio and that its products are used by 75 of the Fortune 100.
BeyondTrust last month disclosed and patched a critical vulnerability, listed as CVE-2024-12356, as well as a medium-severity vulnerability, listed as CVE-2024-12686, during its investigation of the attack spree.
CVE-2024-12356, a critical command injection vulnerability, carries a CVSS score of 9.8 and was added to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog in December.
BeyondTrust has not explicitly linked the vulnerabilities to the attack spree, but it is working with authorities and outside experts to investigate the cause and better understand the impact.
The Treasury Department said the attackers used the stolen key to override the service’s security controls and gain access to the workstations. Treasury did not say what role, if any, the CVEs played in the attacks against the workstations.
Sen. Tim Scott and Rep. French Hill, vice chair of the House Financial Services Committee, sent a letter to Treasury Secretary Janet Yellen demanding a briefing on the incident by Jan. 10. The Treasury Department originally disclosed the attack in a letter to Scott and Sen. Sherrod Brown.