U.S. privileged access management-focused cybersecurity firm BeyondTrust has confirmed that some of its Remote Support software-as-a-service instances were compromised in a cyberattack earlier this month, according to BleepingComputer.

Investigation into the incident, which was initially detected on Dec. 2, revealed that threat actors leveraged a Remote Support SaaS API key to conduct local app account password resets, but whether the hacked instances had been exploited to perform downstream attacks remains uncertain.

"BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers," said the firm, which also identified Remote Support and Privileged Remote Access instances as impacted by critical and medium-severity command injection flaws, tracked as CVE-2024-12356 and CVE-2024-12686, respectively.

Neither of the now-patched vulnerabilities has been noted by BeyondTrust to be actively exploited in ransomware attacks, but the Cybersecurity and Infrastructure Security Agency has reported ongoing targeting of the more severe issue.
API security, Identity
Cyberattack hits BeyondTrust Remote Support SaaS implementations
![APIs](https://image-optimizer.cyberriskalliance.com/unsafe/1920x0/https://files.cyberriskalliance.com/wp-content/uploads/2024/05/053025_api.jpg)
(Adobe Stock)