An attacker gained access to a limited number of BeyondTrust customers’ instances of Remote Support SaaS, an access-management tool, the company said in a Dec. 8 blog post, which was updated Wednesday. The attacker compromised a Remote Support SaaS API key and reset passwords of multiple accounts.
The cybersecurity vendor initially detected anomalous activity on one customer instance of Remote Support SaaS on Dec. 2, according to the updated blog. Three days later, the company determined multiple customers were impacted, suspended those instances and revoked the compromised API key.
“Our initial investigation has found that no BeyondTrust products outside of Remote Support SaaS are impacted,” the company said in the blog post.
BeyondTrust also identified and patched a pair of vulnerabilities in its Remote Support SaaS and Privileged Remote Access products, CVE-2024-12356 and CVE-2024-12686, during its investigation into the attacks. The vulnerabilities were disclosed and patched on Monday and Wednesday.
The company did not describe either flaw as actively exploited in its advisories, yet the Cybersecurity and Infrastructure Security Agency added CVE-2024-12356, a critical command injection vulnerability, to its known exploited vulnerabilities catalog on Thursday.
BeyondTrust hasn’t acknowledged a direct link between the attacks and the actively exploited critical CVE, which has a CVSS score of 9.8. The company did not respond to a request for comment.
A third-party cybersecurity and forensics firm is assisting BeyondTrust with an ongoing investigation into the attacks. The company said it has notified impacted customers and will continue to share updates until the investigation concludes.
BeyondTrust said it had 20,000 customers across its product portfolio earlier this year, including 75 of the Fortune 100.