Sat Dec 21 2024

BeyondTrust reports that attackers compromised some of its Remote Support SaaS instances.

BeyondTrust says the impact was limited to a small number of Remote Support SaaS instances and that the affected customers have been notified; all users of the product are nonetheless advised to remain vigilant and to review recent password changes on local application accounts.

BeyondTrust has confirmed that it suffered a cyberattack after detecting unusual behavior on its network. During the investigation, the company found that a limited number of its Remote Support SaaS instances had been compromised. The firm, which specializes in privileged access management and secure remote access, said the attackers obtained an API key for the Remote Support SaaS service and used it to reset the passwords of local application accounts on those instances.
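The pattern described above, an API key resetting local account passwords in bulk, is visible in audit logs if you look for it. The Python below is an added example and is not BeyondTrust's code; the JSON audit-event format and field names (`actor_type`, `user.password_reset`, and so on) are constructed for illustration and must be mapped onto the real audit export of whatever product you run. It flags three things: any password reset performed by an API key rather than an interactive user, bursts of such resets from one key, and an account logging in shortly after its password was reset by a key.

```python
"""
Added example (not BeyondTrust's code or log format): detect credential resets
performed with an API key rather than by an interactive administrator.
The audit-event schema below is a hypothetical JSON export; adapt field names.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (hypothetical schema). Field names are assumptions.
SAMPLE_EVENTS = [
    '{"ts":"2024-12-02T14:01:10Z","event":"user.login","actor":"alice","actor_type":"user","src":"10.0.5.4"}',
    '{"ts":"2024-12-02T14:05:33Z","event":"user.password_reset","actor":"alice","actor_type":"user","target":"bob","src":"10.0.5.4"}',
    '{"ts":"2024-12-02T22:10:01Z","event":"user.password_reset","actor":"apikey:rs-integration","actor_type":"api_key","target":"svc_support","src":"203.0.113.77"}',
    '{"ts":"2024-12-02T22:10:02Z","event":"user.password_reset","actor":"apikey:rs-integration","actor_type":"api_key","target":"admin2","src":"203.0.113.77"}',
    '{"ts":"2024-12-02T22:10:04Z","event":"user.password_reset","actor":"apikey:rs-integration","actor_type":"api_key","target":"helpdesk1","src":"203.0.113.77"}',
    '{"ts":"2024-12-02T22:11:30Z","event":"user.login","actor":"admin2","actor_type":"user","src":"203.0.113.77"}',
    '{"ts":"2024-12-03T09:00:00Z","event":"user.password_reset","actor":"apikey:hr-sync","actor_type":"api_key","target":"newhire7","src":"10.0.8.9"}',
]

RESET_EVENTS = {"user.password_reset"}
BURST_WINDOW = timedelta(minutes=5)   # sliding window for burst detection
BURST_THRESHOLD = 3                   # resets by one key inside the window


def parse_events(lines):
    """Parse JSON lines into dicts with a datetime timestamp, sorted by time."""
    events = []
    for line in lines:
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def find_api_key_resets(events):
    """Every password reset whose actor is an API key, not a logged-in user."""
    return [e for e in events
            if e["event"] in RESET_EVENTS and e["actor_type"] == "api_key"]


def find_reset_bursts(events, window=BURST_WINDOW, threshold=BURST_THRESHOLD):
    """API keys that reset at least `threshold` accounts within `window`.
    Returns {actor: sorted list of targets in the triggering window}."""
    by_actor = defaultdict(list)
    for e in find_api_key_resets(events):
        by_actor[e["actor"]].append(e)
    bursts = {}
    for actor, evs in by_actor.items():          # evs are already time-ordered
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                bursts[actor] = sorted({x["target"] for x in evs[start:end + 1]})
    return bursts


def find_reset_then_login(events, window=BURST_WINDOW):
    """Accounts that logged in within `window` after an API-key reset:
    the strongest sign that whoever holds the key is using the new password."""
    hits = []
    for r in find_api_key_resets(events):
        for e in events:
            if (e["event"] == "user.login" and e["actor"] == r["target"]
                    and timedelta(0) <= e["ts"] - r["ts"] <= window):
                hits.append((r["target"], r["actor"], e["src"]))
    return hits


def triage(lines):
    """Run all three checks over raw JSON lines and return a summary dict."""
    events = parse_events(lines)
    return {
        "api_key_resets": len(find_api_key_resets(events)),
        "bursts": find_reset_bursts(events),
        "reset_then_login": find_reset_then_login(events),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENTS), indent=2, default=str))
```

On the constructed sample the legitimate `hr-sync` key resets one account and is not flagged as a burst, while `rs-integration` resets three accounts in four seconds from an external address and `admin2` then logs in from that same address, which is exactly the sequence to escalate. Thresholds are deliberately low for the demonstration; tune them against a baseline of your own integrations.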

In response, BeyondTrust revoked the API key, notified the affected customers, suspended the compromised instances the same day, and provided those customers with alternative Remote Support SaaS instances. The company also stated that the incident was not a ransomware attack.

Separately, the investigation identified two previously unknown vulnerabilities in the Remote Support and Privileged Remote Access (PRA) products, and patches have been released for both. The more severe, CVE-2024-12356, is a command injection flaw with a CVSS score of 9.8: an unauthenticated remote attacker who can send a crafted client request to a vulnerable instance can execute operating system commands in the context of the site user. The second, CVE-2024-12686, is rated medium (CVSS 6.6) and allows an attacker who already holds administrative privileges to upload a malicious file and inject commands that likewise run as the site user. At the time of writing BeyondTrust had not confirmed whether either flaw was used in the intrusion, but CISA added CVE-2024-12356 to its Known Exploited Vulnerabilities catalog on December 19, so unpatched deployments should be treated as exposed.

Remote Support lets IT and help-desk staff connect to and troubleshoot remote devices and systems under strict security and compliance controls; compromise of such a service therefore hands an attacker a ready-made channel into the endpoints it manages. BeyondTrust's customers include large enterprises, government agencies, financial institutions, and major technology companies.

BeyondTrust has not disclosed how many customers were affected or what the attackers did after resetting the account passwords. It emphasized that it proactively pushed the fixes to Secure Remote Access cloud customers (Remote Support and PRA SaaS instances); customers running self-hosted deployments must apply the patches themselves. Beyond confirming that the incident was not ransomware, the company has not attributed the attack or explained how the API key was obtained.