
Threat Intel Content Update: 1/7/25

  • January 7, 2025

Chinese APT PAM Remote Support Compromise, Remote Support and Privileged Remote Access Vulnerabilities

Threat Content Highlights

Threat Profiles, Objects, & Tags

    • “Trending & Emerging Threats” weekly update: Chinese APT PAM Remote Support Compromise
      • Privileged access management ("PAM") product vendor BeyondTrust indicated that threat actors compromised some of its remote support software-as-a-service ("SaaS") instances. Actors gained access to an API token associated with the "Remote Support SaaS" capability, which allowed them to reset passwords for local application accounts. The U.S. Treasury Department indicated that it was one of the customers using a compromised instance and attributed the compromise to an unspecified China state-sponsored advanced persistent threat ("APT") actor.

      • BeyondTrust also announced that it had discovered two vulnerabilities in Remote Support and Privileged Remote Access products (CVE-2024-12356 & CVE-2024-12686), although it did not explicitly link exploits of the vulnerabilities to the early December incident. We included Technique Relationships related to these vulnerabilities as part of the Campaign object included in this Threat Profile for contextual awareness.
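The compromise described above turned on one API token being able to reset passwords for local application accounts. As an added example that is not from this update or from BeyondTrust, the routine below flags that pattern in audit events: password resets of local accounts authenticated with an API key that is not on an allow-list. The event field names and sample records are constructed assumptions, not a real Remote Support log schema.

```python
"""Flag API-key-authenticated password resets of local application accounts.

Constructed example; the event schema below is an assumption, not a real
BeyondTrust Remote Support log format.
"""
from collections import defaultdict

# Constructed sample audit events (field names are hypothetical).
SAMPLE_EVENTS = [
    {"ts": "2024-12-02T03:11:08Z", "auth": "api_key", "key_id": "rs-key-17",
     "action": "local_account.password_reset", "target": "admin-local",
     "src_ip": "203.0.113.9"},
    {"ts": "2024-12-02T03:11:42Z", "auth": "api_key", "key_id": "rs-key-17",
     "action": "local_account.password_reset", "target": "svc-backup",
     "src_ip": "203.0.113.9"},
    # Interactive admin reset: reviewed through the normal change process.
    {"ts": "2024-12-02T09:30:00Z", "auth": "session", "key_id": None,
     "action": "local_account.password_reset", "target": "jdoe",
     "src_ip": "198.51.100.4"},
    # Allow-listed key performing a non-sensitive action.
    {"ts": "2024-12-02T10:00:00Z", "auth": "api_key", "key_id": "rs-key-02",
     "action": "session.list", "target": None, "src_ip": "198.51.100.20"},
]

# Keys whose owners are expected to reset local account passwords (assumed).
ALLOWED_RESET_KEYS = {"rs-key-02"}


def find_api_key_resets(events, allowed_keys=ALLOWED_RESET_KEYS):
    """Return {key_id: [target accounts]} for password resets of local
    accounts that were authenticated with an API key outside the allow-list."""
    hits = defaultdict(list)
    for e in events:
        if e["action"] != "local_account.password_reset":
            continue
        if e["auth"] != "api_key" or e["key_id"] in allowed_keys:
            continue
        hits[e["key_id"]].append(e["target"])
    return dict(hits)


def build_alerts(events, allowed_keys=ALLOWED_RESET_KEYS):
    """Turn hits into alerts; several resets from one key is rated high."""
    return [
        {"key_id": k, "targets": t, "count": len(t),
         "severity": "high" if len(t) > 1 else "medium"}
        for k, t in find_api_key_resets(events, allowed_keys).items()
    ]


if __name__ == "__main__":
    for alert in build_alerts(SAMPLE_EVENTS):
        print(alert)
```

The allow-list stands in for whatever inventory of legitimate integration keys an organisation keeps; rotating any key that appears in an alert is the corresponding response step.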