UDT
Company Details
Linkedin ID:
us-treasury
Website:
Employees number:
14,324
Number of followers:
152,701
NAICS:
92
Industry Type:
Homepage:
treasury.gov
IP Addresses:
0
Company ID:
U.S_1802045
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
U.S. Department of the Treasury Vendor Cyber Rating & Cyber Score
treasury.govThe Treasury Department is the executive agency responsible for promoting economic prosperity and ensuring the financial security of the United States. The Department is responsible for a wide range of activities such as advising the President on economic and financial issues, encouraging sustainable economic growth, and fostering improved governance in financial institutions. The Department of the Treasury operates and maintains systems that are critical to the nation's financial infrastructure, such as the production of coin and currency, the disbursement of payments to the American public, revenue collection, and the borrowing of funds necessary to run the federal government. The Department works with other federal agencies, foreign governments, and international financial institutions to encourage global economic growth, raise standards of living, and to the extent possible, predict and prevent economic and financial crises. The Treasury Department also performs a critical and far-reaching role in enhancing national security by implementing economic sanctions against foreign threats to the U.S., identifying and targeting the financial support networks of national security threats, and improving the safeguards of our financial systems.
U.S. Department of the Treasury A.I CyberSecurity Scoring
UDT Risk Score (AI oriented)Between 550 and 599
UDT
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
UDT Global Score (TPRM)XXXX
UDT
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
UDT Company CyberSecurity News & History
Past Incidents
6
Attack Types
2
Booz Allen HamiltonU.S. Treasury's Office of Foreign Assets Control (OFAC)
Cyber Attack
Rankiteo Explanation
Attack threatening the organization's existence
Description: The Chinese state-sponsored hacking group Murky Panda (Silk Typhoon) exploited trusted cloud relationships and zero-day vulnerabilities to breach the U.S. Treasury’s Office of Foreign Assets Control (OFAC). By compromising a SaaS provider’s cloud environment, the attackers gained access to application registration secrets in Entra ID (formerly Azure AD), allowing them to authenticate as a legitimate service and infiltrate downstream networks. This enabled them to read sensitive emails, steal confidential government data, and maintain persistent access through backdoor accounts with escalated privileges.The attack leveraged supply chain vulnerabilities, abusing delegated administrative privileges (DAP) granted to cloud providers, which allowed Murky Panda to move laterally across multiple tenants. Their use of custom malware (CloudedHope RAT), web shells (Neo-reGeorg, China Chopper), and compromised SOHO devices as proxies ensured stealthy, long-term access while evading detection. The breach posed a severe risk to national security, given OFAC’s role in enforcing economic sanctions and combating financial threats. The attackers’ operational security (OPSEC) measures, including log tampering and timestamp manipulation, further obscured forensic traces, amplifying the threat’s sophistication and impact.
US Treasury
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The breach of the US Treasury by Chinese hackers, including 12 individuals indicted by the Department of Justice, resulted in significant data compromise. Over a three-month period, at least 400 PCs were infiltrated leading to the theft of more than 3,000 files. This attack highlights the risk posed by autonomous state-sponsored hacking groups who target and steal sensitive information from high-profile international entities, selling it to government clients for strategic advantages.
United States Treasury
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The United States Treasury suffered a 'major' breach when an Advanced Persistent Threat group, believed to be linked to the Chinese government, exploited flaws in BeyondTrust software. The attackers stole an authentication key, gaining access to department computers and managing to steal 'certain unclassified documents'. While classified as unclassified, the breach's full extent and subsequent risks, such as exposure to financial manipulations and international diplomatic consequences, are still under assessment.
US Treasury Department
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: A breach in early December 2024 at the US Treasury Department involved remote access by hackers to Treasury computers, compromising certain unclassified documents. By exploiting vulnerabilities in remote support software from BeyondTrust, identified as CVE-2024-12356 and CVE-2024-12686, attackers stole an authentication key, enabling system access. Despite the breach being attributed to a Chinese state-sponsored APT actor, no ongoing access was found. The incident sparked collaborations with FBI, CISA, and intelligence agencies for a comprehensive evaluation.
U.S. Department of the Treasury
Cyber Attack
Rankiteo Explanation
Attack threatening the economy of a geographical region
Description: Companies suffered as a result of hacking attacks against US federal entities, affected departments included the US Department of Homeland Security, the Department of Commerce, and the Department of the Treasury. Early this year, Iranian government-sponsored hackers, including the FBI and CISA, gained access to a network of an unnamed US federal agency and used the Log4Shell vulnerability to install crypto miners and use stolen passwords. According to the advisory, "Cyber threat actors advanced to the domain controller (DC), compromised credentials, implanted Ngrok reverse proxies on multiple hosts to maintain persistence, and then exploited the Log4Shell vulnerability in an unpatched VMware Horizon server to install XMRig crypto mining software.
Booz Allen Hamilton, Internal Revenue Service and U.S. Department of the Treasury: Feds yank contracts with Booz Allen Hamilton after Trump tax leak
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Treasury Cancels Booz Allen Hamilton Contracts After Massive Tax Data Leak The U.S. Department of the Treasury announced on Monday the termination of all contracts with consulting firm Booz Allen Hamilton following a major breach involving the leak of sensitive tax information. The decision comes after former IRS contractor Charles Edward Littlejohn, who worked for Booz Allen, was sentenced in 2024 to five years in prison for disclosing confidential tax records including those of former President Donald Trump to media outlets. Between 2018 and 2020, Littlejohn provided stolen tax data to *The New York Times* and *ProPublica*, an act prosecutors described as "unparalleled in the IRS's history." The breach exposed records belonging to approximately 406,000 individuals, though the Treasury’s statement did not explicitly mention Trump’s leaked returns. Treasury Secretary Scott Bessent stated that the cancellation was necessary to "increase Americans' trust in government," citing Booz Allen’s failure to implement adequate safeguards for sensitive taxpayer data. The department had 31 active contracts with the firm, totaling $4.8 million in annual spending and $21 million in total obligations. Court documents revealed that Littlejohn intentionally sought the contractor role to access Trump’s tax returns, using his technical skills to extract data without detection. At his sentencing in January 2024, he acknowledged his actions, stating, *"I used my skills to systematically violate the privacy of thousands of people."* Booz Allen Hamilton has not yet commented on the termination.
UDT Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for UDT
Incidents vs Government Administration Industry Average (This Year)
No incidents recorded for U.S. Department of the Treasury in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for U.S. Department of the Treasury in 2026.
Incident Types UDT vs Government Administration Industry Avg (This Year)
No incidents recorded for U.S. Department of the Treasury in 2026.
Incident History — UDT (X = Date, Y = Severity)
UDT cyber incidents detection timeline including parent company and subsidiaries
UDT Company Subsidiaries
The Treasury Department is the executive agency responsible for promoting economic prosperity and ensuring the financial security of the United States. The Department is responsible for a wide range of activities such as advising the President on economic and financial issues, encouraging sustainable economic growth, and fostering improved governance in financial institutions. The Department of the Treasury operates and maintains systems that are critical to the nation's financial infrastructure, such as the production of coin and currency, the disbursement of payments to the American public, revenue collection, and the borrowing of funds necessary to run the federal government. The Department works with other federal agencies, foreign governments, and international financial institutions to encourage global economic growth, raise standards of living, and to the extent possible, predict and prevent economic and financial crises. The Treasury Department also performs a critical and far-reaching role in enhancing national security by implementing economic sanctions against foreign threats to the U.S., identifying and targeting the financial support networks of national security threats, and improving the safeguards of our financial systems.
Loading...
UDT Similar Companies
State of Indiana
State government is more than senators, representatives, and elected officials. We build highways, provide drivers licenses, protect our children and vulnerable populations, create jobs, connect Hoosiers to job opportunities, maintain state parks, train law enforcement officers, and we run museums
Department of Education
The Department of Education is responsible for delivering the Victorian Government’s commitment to making Victoria the Education State, where all Victorians have the best learning and development experience, regardless of their background, postcode or circumstances. Education remains a cornerstone f
U.S. Department of Veterans Affairs
Welcome to the United States Department of Veterans Affairs (VA) Official LinkedIn page. We're recruiting the finest employees to care for our #Veterans. Following/engagement ≠ signify VA endorsement. This is a moderated page, meaning that all comments will be reviewed for appropriate content. Ple
FDA
The Food and Drug Administration is an agency within the Department of Health and Human Services. The FDA is responsible for protecting the public health by ensuring the safety, efficacy, and security of human and veterinary drugs, biological products, and medical devices; and by ensuring the safet
Københavns Kommune
Københavns Kommune er Danmarks største arbejdsplads med ca. 45.000 medarbejdere. Vi udvikler hovedstaden og servicerer over 500.000 københavnere. Vores mål er at fastholde og udvikle København som en af verdens bedste byer at bo i – og skabe øget vækst gennem viden, innovation og beskæftigelse. Fi
Region Midtjylland
Central Denmark Region is one of five regions in Denmark. Denmark is organised at three political and administrative levels: the national (government), the regional (5 regions) and the municipal level (98 municipalities). Each region is led by a Regional Council, consisting of 41 politicians ele
Malmö stad
Bli en samhällsbyggare – jobba i Malmö stad! Genom att arbeta i Malmö stad får du möjlighet att arbeta med hållbar samhällsutveckling. Som en samhällsbyggare spelar du en viktig roll i Malmös utveckling och därför ser vi oss som framtidens arbetsplats. Människors lika värde är en förutsättning fö
Government of Canada
The Government of Canada works on behalf of Canadians, both at home and abroad. Visit www.Canada.ca to learn more. Canada’s professional, non-partisan public service is among the best in the world, and many of its departments and agencies place in Canada’s Top 100 Employers year after year. If you
Secretaría de Educación Pública
MISIÓN/PROPÓSITO: La SEP tiene como propósito esencial crear condiciones que permitan asegurar el acceso de todas las mexicanas y mexicanos a una educación de calidad, en el nivel y modalidad que la requieran y en el lugar donde la demanden. VISIÓN: En el año 2025, México cuenta con un sistema
.png)
UDT CyberSecurity News
March 27, 2026 09:06 PM
US Treasury Weighs Cyber Insurance Backstop
A Department of the Treasury review of cyber risk under the Terrorism Risk Insurance Program comes amid concern that nation-state attacks...
March 18, 2026 06:50 PM
Treasury Concludes Public-Private AI Initiative to Bolster Financial Sector Cybersecurity
The U.S. Department of the Treasury has announced the conclusion of a major public-private initiative aimed at strengthening cybersecurity...
March 11, 2026 07:00 AM
Treasury Outlines Innovation Roadmap for Countering Illicit Finance in Digital Assets
The U.S. Department of the Treasury (Treasury) has delivered to Congress the report on Innovative Technologies to Counter Illicit Finance...
February 25, 2026 08:00 AM
Treasury Imposes Cyber Related Sanctions on Russian and UAE Individuals, Entities
The Department of the Treasury's Office of Foreign Assets Control (OFAC) designated Sergey Sergeyevich Zelenyuk (Zelenyuk) and his company,...
February 24, 2026 08:00 AM
Treasury sanctions Russian firm said to have stolen and sold US cyber tools
The sanctions coincide with an FBI investigation into Peter Williams, a former employee of U.S. defense contractor L3Harris who pleaded...
February 20, 2026 08:00 AM
US Treasury Department offers secure AI advice to financial services firms
The U.S. Treasury Department has begun releasing guidance meant to help financial services companies securely use artificial intelligence...
February 19, 2026 08:00 AM
Treasury Completes AI Cybersecurity Initiative for Finance Sector
The Department of the Treasury will publish six resources to promote secure, resilient AI adoption across the U.S. financial system.
February 18, 2026 08:00 AM
US Treasury announces initiative to strengthen cybersecurity, risk management for AI
ISTANBUL. The US Treasury Department announced Wednesday a public-private initiative to strengthen cybersecurity and risk management for...
February 11, 2026 07:37 PM
Treasury Department hit in cyberbreach by China-sponsored actor, officials say
The “major” breach was achieved by gaining access to a third party cybersecurity service.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UDT CyberSecurity History Information
Official Website of U.S. Department of the Treasury
The official website of U.S. Department of the Treasury is https://home.treasury.gov/.
U.S. Department of the Treasury’s AI-Generated Cybersecurity Score
According to Rankiteo, U.S. Department of the Treasury’s AI-generated cybersecurity score is 591, reflecting their Very Poor security posture.
How many security badges does U.S. Department of the Treasury’ have ?
According to Rankiteo, U.S. Department of the Treasury currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has U.S. Department of the Treasury been affected by any supply chain cyber incidents ?
According to Rankiteo, U.S. Department of the Treasury has been affected by a supply chain cyber incident involving Booz Allen Hamilton, with the incident ID BOOIRSUS-1769454012.
Does U.S. Department of the Treasury have SOC 2 Type 1 certification ?
According to Rankiteo, U.S. Department of the Treasury is not certified under SOC 2 Type 1.
Does U.S. Department of the Treasury have SOC 2 Type 2 certification ?
According to Rankiteo, U.S. Department of the Treasury does not hold a SOC 2 Type 2 certification.
Does U.S. Department of the Treasury comply with GDPR ?
According to Rankiteo, U.S. Department of the Treasury is not listed as GDPR compliant.
Does U.S. Department of the Treasury have PCI DSS certification ?
According to Rankiteo, U.S. Department of the Treasury does not currently maintain PCI DSS compliance.
Does U.S. Department of the Treasury comply with HIPAA ?
According to Rankiteo, U.S. Department of the Treasury is not compliant with HIPAA regulations.
Does U.S. Department of the Treasury have ISO 27001 certification ?
According to Rankiteo,U.S. Department of the Treasury is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of U.S. Department of the Treasury
U.S. Department of the Treasury operates primarily in the Government Administration industry.
Number of Employees at U.S. Department of the Treasury
U.S. Department of the Treasury employs approximately 14,324 people worldwide.
Subsidiaries Owned by U.S. Department of the Treasury
U.S. Department of the Treasury presently has no subsidiaries across any sectors.
U.S. Department of the Treasury’s LinkedIn Followers
U.S. Department of the Treasury’s official LinkedIn profile has approximately 152,701 followers.
NAICS Classification of U.S. Department of the Treasury
U.S. Department of the Treasury is classified under the NAICS code 92, which corresponds to Public Administration.
U.S. Department of the Treasury’s Presence on Crunchbase
No, U.S. Department of the Treasury does not have a profile on Crunchbase.
U.S. Department of the Treasury’s Presence on LinkedIn
Yes, U.S. Department of the Treasury maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/us-treasury.
Cybersecurity Incidents Involving U.S. Department of the Treasury
As of April 02, 2026, Rankiteo reports that U.S. Department of the Treasury has experienced 6 cybersecurity incidents.
Number of Peer and Competitor Companies
U.S. Department of the Treasury has an estimated 12,425 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at U.S. Department of the Treasury ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Cyber Attack.
What was the total financial impact of these incidents on U.S. Department of the Treasury ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $21 million.
How does U.S. Department of the Treasury detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with fbi, third party assistance with cisa, and third party assistance with fbi, third party assistance with cisa, third party assistance with intelligence agencies, and and and third party assistance with crowdstrike (investigation/reporting), and enhanced monitoring with recommended: monitor entra id service principal sign-ins, enforce mfa for cloud accounts, patch cloud infrastructure, and law enforcement notified with yes, and containment measures with termination of contracts, and communication strategy with public statement by treasury secretary..
Incident Details
Can you provide details on each incident ?
Title: Hacking Attacks Against US Federal Entities
Description: Companies suffered as a result of hacking attacks against US federal entities, affected departments included the US Department of Homeland Security, the Department of Commerce, and the Department of the Treasury. Early this year, Iranian government-sponsored hackers, including the FBI and CISA, gained access to a network of an unnamed US federal agency and used the Log4Shell vulnerability to install crypto miners and use stolen passwords. According to the advisory, 'Cyber threat actors advanced to the domain controller (DC), compromised credentials, implanted Ngrok reverse proxies on multiple hosts to maintain persistence, and then exploited the Log4Shell vulnerability in an unpatched VMware Horizon server to install XMRig crypto mining software.'
Type: Hacking
Attack Vector: Log4Shell vulnerabilityStolen passwordsNgrok reverse proxies
Vulnerability Exploited: Log4Shell vulnerability in an unpatched VMware Horizon server
Threat Actor: Iranian government-sponsored hackers
Motivation: Cryptocurrency mining
Title: US Treasury Department Breach
Description: A breach in early December 2024 at the US Treasury Department involved remote access by hackers to Treasury computers, compromising certain unclassified documents. By exploiting vulnerabilities in remote support software from BeyondTrust, identified as CVE-2024-12356 and CVE-2024-12686, attackers stole an authentication key, enabling system access. Despite the breach being attributed to a Chinese state-sponsored APT actor, no ongoing access was found. The incident sparked collaborations with FBI, CISA, and intelligence agencies for a comprehensive evaluation.
Date Detected: 2024-12-01
Type: Breach
Attack Vector: Remote Access
Vulnerability Exploited: CVE-2024-12356CVE-2024-12686
Threat Actor: Chinese state-sponsored APT actor
Motivation: Data Theft
Title: United States Treasury Breach
Description: The United States Treasury suffered a 'major' breach when an Advanced Persistent Threat group, believed to be linked to the Chinese government, exploited flaws in BeyondTrust software. The attackers stole an authentication key, gaining access to department computers and managing to steal 'certain unclassified documents'. While classified as unclassified, the breach's full extent and subsequent risks, such as exposure to financial manipulations and international diplomatic consequences, are still under assessment.
Type: Data Breach
Attack Vector: Exploited flaws in BeyondTrust software
Vulnerability Exploited: Authentication key theft
Threat Actor: Advanced Persistent Threat group linked to the Chinese government
Motivation: Data Theft
Title: Breach of US Treasury by Chinese Hackers
Description: The breach of the US Treasury by Chinese hackers, including 12 individuals indicted by the Department of Justice, resulted in significant data compromise. Over a three-month period, at least 400 PCs were infiltrated leading to the theft of more than 3,000 files. This attack highlights the risk posed by autonomous state-sponsored hacking groups who target and steal sensitive information from high-profile international entities, selling it to government clients for strategic advantages.
Type: Data Breach
Threat Actor: Chinese state-sponsored hacking groups
Motivation: EspionageStrategic Advantage
Title: Murky Panda (Silk Typhoon) Exploits Trusted Cloud Relationships for Cyberespionage
Description: A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers. The group targets government, technology, academic, legal, and professional services organizations in North America, leveraging zero-day vulnerabilities, compromised cloud service providers, and custom malware to maintain stealthy access for espionage purposes.
Date Publicly Disclosed: 2024-03
Type: cyberespionage
Attack Vector: exploitation of trusted cloud relationships (SaaS providers, Microsoft CSPs)zero-day vulnerabilities (e.g., Citrix NetScaler CVE-2023-3519, Ivanti Pulse Connect CVE-2025-0282)ProxyLogon (Microsoft Exchange)compromised SOHO devices as proxiesweb shells (Neo-reGeorg, China Chopper)custom Linux RAT (CloudedHope)
Vulnerability Exploited: CVE-2023-3519 (Citrix NetScaler)ProxyLogon (Microsoft Exchange)CVE-2025-0282 (Ivanti Pulse Connect VPN)zero-day vulnerabilities in SaaS provider cloud environmentsEntra ID application registration secretsDelegated Administrative Privileges (DAP) in Microsoft cloud solutions
Threat Actor: Murky PandaSilk Typhoon (Microsoft)Hafnium
Motivation: cyberespionage (targeting government, technology, legal, and professional services for sensitive data)
Title: Treasury Cancels Booz Allen Hamilton Contracts After Massive Tax Data Leak
Description: The U.S. Department of the Treasury terminated all contracts with Booz Allen Hamilton following a major breach involving the leak of sensitive tax information by a former IRS contractor. The breach exposed records of approximately 406,000 individuals, including those of former President Donald Trump, and was described as 'unparalleled in the IRS's history.'
Date Publicly Disclosed: 2024-01-01
Type: Data Breach
Attack Vector: Insider Threat
Vulnerability Exploited: Inadequate safeguards for sensitive data
Threat Actor: Charles Edward Littlejohn
Motivation: Intentional disclosure to media outlets
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Log4Shell vulnerability, Remote support software from BeyondTrust, BeyondTrust software, compromised cloud service providers (SaaS, Microsoft CSPs)zero-day vulnerabilities in cloud environmentsinternet-exposed devices (Citrix NetScaler, Ivanti VPN and Microsoft Exchange)compromised SOHO devices (as proxies).
Impact of the Incidents
What was the impact of each incident ?
Incident : Hacking USD13361222
Systems Affected: Domain controller (DC)Multiple hostsVMware Horizon server
Incident : Breach US-000010125
Data Compromised: Unclassified documents
Systems Affected: Treasury computers
Incident : Data Breach US-000011025
Data Compromised: Unclassified documents
Systems Affected: Department computers
Incident : Data Breach US-000030825
Data Compromised: More than 3,000 files
Systems Affected: At least 400 PCs
Incident : cyberespionage US-526082425
Data Compromised: Emails, Sensitive organizational data, Application data
Systems Affected: cloud environments (Microsoft Entra ID, SaaS providers)downstream customer networkscompromised SOHO devices (used as proxies)servers with deployed web shells (Neo-reGeorg, China Chopper)
Operational Impact: long-term stealthy access for data exfiltration, persistence via backdoor accounts
Brand Reputation Impact: high risk for targeted organizations (government, legal, professional services)
Incident : Data Breach BOOIRSUS-1769454012
Financial Loss: $21 million (total contract obligations)
Data Compromised: Sensitive tax records
Systems Affected: IRS tax record systems
Operational Impact: Termination of contracts with Booz Allen Hamilton
Brand Reputation Impact: Loss of trust in government and contractor
Identity Theft Risk: High
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $3.50 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Unclassified documents, Unclassified documents, Sensitive information, Emails, Sensitive Organizational Data, Application Data, and Tax records.
Which entities were affected by each incident ?
Incident : Hacking USD13361222
Entity Name: ['US Department of Homeland Security', 'Department of Commerce', 'Department of the Treasury']
Entity Type: Government
Industry: Government
Location: United States
Incident : Breach US-000010125
Entity Name: US Treasury Department
Entity Type: Government Agency
Industry: Public Administration
Location: United States
Incident : Data Breach US-000011025
Entity Name: United States Treasury
Entity Type: Government Agency
Industry: Government
Location: United States
Incident : Data Breach US-000030825
Entity Name: US Treasury
Entity Type: Government
Industry: Government
Location: United States
Incident : cyberespionage US-526082425
Entity Name: U.S. Treasury's Office of Foreign Assets Control (OFAC)
Entity Type: government agency
Industry: financial regulation
Location: United States
Incident : cyberespionage US-526082425
Entity Name: Committee on Foreign Investment in the United States (CFIUS)
Entity Type: government committee
Industry: national security
Location: United States
Incident : cyberespionage US-526082425
Entity Name: Unnamed SaaS provider (compromised via zero-day)
Entity Type: cloud service provider
Industry: technology
Customers Affected: downstream customers (number unspecified)
Incident : cyberespionage US-526082425
Entity Name: Unnamed Microsoft Cloud Solution Provider (CSP)
Entity Type: managed service provider
Industry: technology
Customers Affected: multiple tenants (Global Administrator access obtained)
Incident : cyberespionage US-526082425
Entity Name: Government, technology, academic, legal, and professional services organizations
Entity Type: government agencies, private sector
Industry: public sector, technology, education, legal, professional services
Location: primarily North America
Incident : Data Breach BOOIRSUS-1769454012
Entity Name: U.S. Department of the Treasury
Entity Type: Government Agency
Industry: Public Sector
Location: United States
Size: Large
Customers Affected: 406,000 individuals
Incident : Data Breach BOOIRSUS-1769454012
Entity Name: Booz Allen Hamilton
Entity Type: Consulting Firm
Industry: Defense and Government Contracting
Location: United States
Size: Large
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Hacking USD13361222
Third Party Assistance: Fbi, Cisa.
Incident : Breach US-000010125
Third Party Assistance: Fbi, Cisa, Intelligence Agencies.
Incident : Data Breach US-000030825
Incident : cyberespionage US-526082425
Third Party Assistance: Crowdstrike (Investigation/Reporting).
Enhanced Monitoring: recommended: monitor Entra ID service principal sign-ins, enforce MFA for cloud accounts, patch cloud infrastructure
Incident : Data Breach BOOIRSUS-1769454012
Law Enforcement Notified: Yes
Containment Measures: Termination of contracts
Communication Strategy: Public statement by Treasury Secretary
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through FBI, CISA, , FBI, CISA, intelligence agencies, , CrowdStrike (investigation/reporting), .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Breach US-000010125
Type of Data Compromised: Unclassified documents
Sensitivity of Data: Low
Incident : Data Breach US-000011025
Type of Data Compromised: Unclassified documents
Sensitivity of Data: Unclassified
Incident : Data Breach US-000030825
Type of Data Compromised: Sensitive information
Number of Records Exposed: More than 3,000 files
Sensitivity of Data: High
Incident : cyberespionage US-526082425
Type of Data Compromised: Emails, Sensitive organizational data, Application data
Sensitivity of Data: high (government, legal, and professional services data)
Incident : Data Breach BOOIRSUS-1769454012
Type of Data Compromised: Tax records
Number of Records Exposed: 406,000
Sensitivity of Data: High (confidential taxpayer information)
Data Exfiltration: Yes
Personally Identifiable Information: Yes
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by termination of contracts.
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : cyberespionage US-526082425
Data Exfiltration: True
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach US-000030825
Legal Actions: 12 individuals indicted by the Department of Justice,
Incident : Data Breach BOOIRSUS-1769454012
Legal Actions: Criminal prosecution of Charles Edward Littlejohn
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through 12 individuals indicted by the Department of Justice, , Criminal prosecution of Charles Edward Littlejohn.
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : cyberespionage US-526082425
Lessons Learned: Trusted cloud relationships (e.g., SaaS providers, CSPs with DAP) are high-value targets for APT groups., Zero-day exploits in cloud environments enable stealthy lateral movement to downstream customers., Monitoring for unusual Entra ID service principal activity is critical for detecting abuse of trusted relationships., Compromised SOHO devices can be repurposed as proxies to evade geographic-based detection., Custom malware (e.g., CloudedHope RAT) and open-source tools (e.g., Neo-reGeorg) are used for persistence.
Incident : Data Breach BOOIRSUS-1769454012
Lessons Learned: Need for improved safeguards and monitoring of contractors with access to sensitive data
What recommendations were made to prevent future incidents ?
Incident : cyberespionage US-526082425
Recommendations: Monitor Entra ID logs for anomalous service principal sign-ins., Enforce multi-factor authentication (MFA) for all cloud provider accounts, especially those with administrative privileges., Promptly patch cloud-facing infrastructure, including zero-day vulnerabilities., Restrict delegated administrative privileges (DAP) and review Admin Agent group memberships., Segment cloud environments to limit lateral movement via trusted relationships., Deploy behavioral detection for web shells (e.g., Neo-reGeorg, China Chopper) and custom malware., Audit and rotate application registration secrets in Entra ID., Monitor for traffic originating from compromised SOHO devices.Monitor Entra ID logs for anomalous service principal sign-ins., Enforce multi-factor authentication (MFA) for all cloud provider accounts, especially those with administrative privileges., Promptly patch cloud-facing infrastructure, including zero-day vulnerabilities., Restrict delegated administrative privileges (DAP) and review Admin Agent group memberships., Segment cloud environments to limit lateral movement via trusted relationships., Deploy behavioral detection for web shells (e.g., Neo-reGeorg, China Chopper) and custom malware., Audit and rotate application registration secrets in Entra ID., Monitor for traffic originating from compromised SOHO devices.Monitor Entra ID logs for anomalous service principal sign-ins., Enforce multi-factor authentication (MFA) for all cloud provider accounts, especially those with administrative privileges., Promptly patch cloud-facing infrastructure, including zero-day vulnerabilities., Restrict delegated administrative privileges (DAP) and review Admin Agent group memberships., Segment cloud environments to limit lateral movement via trusted relationships., Deploy behavioral detection for web shells (e.g., Neo-reGeorg, China Chopper) and custom malware., Audit and rotate application registration secrets in Entra ID., Monitor for traffic originating from compromised SOHO devices.Monitor Entra ID logs for anomalous service principal sign-ins., Enforce multi-factor authentication (MFA) for all cloud provider accounts, especially those with administrative privileges., Promptly patch cloud-facing infrastructure, including zero-day vulnerabilities., Restrict delegated administrative privileges (DAP) and review Admin Agent group memberships., Segment cloud environments to limit lateral movement via trusted relationships., Deploy behavioral detection for web shells (e.g., Neo-reGeorg, China Chopper) and custom malware., Audit and rotate application registration secrets in Entra ID., Monitor for traffic originating from compromised SOHO devices.Monitor Entra ID logs for anomalous service principal sign-ins., Enforce multi-factor authentication (MFA) for all cloud provider accounts, especially those with administrative privileges., Promptly patch cloud-facing infrastructure, including zero-day vulnerabilities., Restrict delegated administrative privileges (DAP) and review Admin Agent group memberships., Segment cloud environments to limit lateral movement via trusted relationships., Deploy behavioral detection for web shells (e.g., Neo-reGeorg, China Chopper) and custom malware., Audit and rotate application registration secrets in Entra ID., Monitor for traffic originating from compromised SOHO devices.Monitor Entra ID logs for anomalous service principal sign-ins., Enforce multi-factor authentication (MFA) for all cloud provider accounts, especially those with administrative privileges., Promptly patch cloud-facing infrastructure, including zero-day vulnerabilities., Restrict delegated administrative privileges (DAP) and review Admin Agent group memberships., Segment cloud environments to limit lateral movement via trusted relationships., Deploy behavioral detection for web shells (e.g., Neo-reGeorg, China Chopper) and custom malware., Audit and rotate application registration secrets in Entra ID., Monitor for traffic originating from compromised SOHO devices.Monitor Entra ID logs for anomalous service principal sign-ins., Enforce multi-factor authentication (MFA) for all cloud provider accounts, especially those with administrative privileges., Promptly patch cloud-facing infrastructure, including zero-day vulnerabilities., Restrict delegated administrative privileges (DAP) and review Admin Agent group memberships., Segment cloud environments to limit lateral movement via trusted relationships., Deploy behavioral detection for web shells (e.g., Neo-reGeorg, China Chopper) and custom malware., Audit and rotate application registration secrets in Entra ID., Monitor for traffic originating from compromised SOHO devices.Monitor Entra ID logs for anomalous service principal sign-ins., Enforce multi-factor authentication (MFA) for all cloud provider accounts, especially those with administrative privileges., Promptly patch cloud-facing infrastructure, including zero-day vulnerabilities., Restrict delegated administrative privileges (DAP) and review Admin Agent group memberships., Segment cloud environments to limit lateral movement via trusted relationships., Deploy behavioral detection for web shells (e.g., Neo-reGeorg, China Chopper) and custom malware., Audit and rotate application registration secrets in Entra ID., Monitor for traffic originating from compromised SOHO devices.
Incident : Data Breach BOOIRSUS-1769454012
Recommendations: Enhance insider threat detection, implement stricter access controls, and conduct regular audits of contractor activities
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Trusted cloud relationships (e.g., SaaS providers, CSPs with DAP) are high-value targets for APT groups.,Zero-day exploits in cloud environments enable stealthy lateral movement to downstream customers.,Monitoring for unusual Entra ID service principal activity is critical for detecting abuse of trusted relationships.,Compromised SOHO devices can be repurposed as proxies to evade geographic-based detection.,Custom malware (e.g., CloudedHope RAT) and open-source tools (e.g., Neo-reGeorg) are used for persistence.Need for improved safeguards and monitoring of contractors with access to sensitive data.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Enhance insider threat detection, implement stricter access controls and and conduct regular audits of contractor activities.
References
Where can I find more information about each incident ?
Incident : cyberespionage US-526082425
Source: CrowdStrike Report on Murky Panda/Silk Typhoon
Date Accessed: 2024-03
Incident : cyberespionage US-526082425
Source: Microsoft Threat Intelligence (Silk Typhoon)
Incident : Data Breach BOOIRSUS-1769454012
Source: U.S. Department of the Treasury
Incident : Data Breach BOOIRSUS-1769454012
Source: Court Documents
Incident : Data Breach BOOIRSUS-1769454012
Source: The New York Times
Incident : Data Breach BOOIRSUS-1769454012
Source: ProPublica
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: CrowdStrike Report on Murky Panda/Silk TyphoonDate Accessed: 2024-03, and Source: Microsoft Threat Intelligence (Silk Typhoon), and Source: U.S. Department of the Treasury, and Source: Court Documents, and Source: The New York Times, and Source: ProPublica.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : cyberespionage US-526082425
Investigation Status: ongoing (per CrowdStrike and Microsoft reports)
Incident : Data Breach BOOIRSUS-1769454012
Investigation Status: Completed (sentencing of threat actor)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public statement by Treasury Secretary.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : cyberespionage US-526082425
Customer Advisories: Organizations relying on cloud/SaaS providers advised to review trust models and monitoring practices.
Incident : Data Breach BOOIRSUS-1769454012
Stakeholder Advisories: Public statement by Treasury Secretary Scott Bessent
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Organizations Relying On Cloud/Saas Providers Advised To Review Trust Models And Monitoring Practices., and Public statement by Treasury Secretary Scott Bessent.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Hacking USD13361222
Entry Point: Log4Shell vulnerability
Backdoors Established: Ngrok reverse proxies
High Value Targets: Domain Controller (Dc), Vmware Horizon Server,
Data Sold on Dark Web: Domain Controller (Dc), Vmware Horizon Server,
Incident : Breach US-000010125
Entry Point: Remote support software from BeyondTrust
Incident : Data Breach US-000011025
Entry Point: BeyondTrust software
Incident : Data Breach US-000030825
Reconnaissance Period: Three-month period
Incident : cyberespionage US-526082425
Entry Point: Compromised Cloud Service Providers (Saas, Microsoft Csps), Zero-Day Vulnerabilities In Cloud Environments, Internet-Exposed Devices (Citrix Netscaler, Ivanti Vpn, Microsoft Exchange), Compromised Soho Devices (As Proxies),
Backdoors Established: ['custom backdoor accounts in customer Entra ID environments', 'Neo-reGeorg/China Chopper web shells', 'CloudedHope RAT']
High Value Targets: Government Agencies (E.G., Ofac, Cfius), Technology And Legal Firms, Academic Institutions, Professional Services With Sensitive Data,
Data Sold on Dark Web: Government Agencies (E.G., Ofac, Cfius), Technology And Legal Firms, Academic Institutions, Professional Services With Sensitive Data,
Incident : Data Breach BOOIRSUS-1769454012
High Value Targets: Former President Donald Trump's tax returns
Data Sold on Dark Web: Former President Donald Trump's tax returns
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Hacking USD13361222
Root Causes: Unpatched VMware Horizon server
Incident : Breach US-000010125
Root Causes: Vulnerabilities in remote support software
Incident : Data Breach US-000011025
Root Causes: Flaws in BeyondTrust software
Incident : cyberespionage US-526082425
Root Causes: Over-Reliance On Trusted Cloud Relationships Without Sufficient Monitoring., Lack Of Visibility Into Delegated Administrative Privileges (Dap) In Cloud Environments., Delayed Patching Of Zero-Day Vulnerabilities In Cloud-Facing Infrastructure., Insufficient Detection For Web Shells And Custom Malware In Compromised Systems.,
Corrective Actions: Implement Stricter Access Controls For Cloud Provider Accounts (E.G., Least Privilege, Mfa)., Enhance Logging And Monitoring For Entra Id And Other Identity Providers., Conduct Regular Audits Of Third-Party Cloud Provider Access And Permissions., Deploy Advanced Threat Detection For Post-Exploitation Tools (E.G., Rats, Web Shells)., Isolate Soho Devices From Corporate Networks To Prevent Proxy Abuse.,
Incident : Data Breach BOOIRSUS-1769454012
Root Causes: Inadequate safeguards for sensitive data, insider threat exploitation
Corrective Actions: Termination of contracts with Booz Allen Hamilton
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Fbi, Cisa, , Fbi, Cisa, Intelligence Agencies, , Crowdstrike (Investigation/Reporting), , Recommended: Monitor Entra Id Service Principal Sign-Ins, Enforce Mfa For Cloud Accounts, Patch Cloud Infrastructure, .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Implement Stricter Access Controls For Cloud Provider Accounts (E.G., Least Privilege, Mfa)., Enhance Logging And Monitoring For Entra Id And Other Identity Providers., Conduct Regular Audits Of Third-Party Cloud Provider Access And Permissions., Deploy Advanced Threat Detection For Post-Exploitation Tools (E.G., Rats, Web Shells)., Isolate Soho Devices From Corporate Networks To Prevent Proxy Abuse., , Termination of contracts with Booz Allen Hamilton.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Iranian government-sponsored hackers, Chinese state-sponsored APT actor, Advanced Persistent Threat group linked to the Chinese government, Chinese state-sponsored hacking groups, Murky PandaSilk Typhoon (Microsoft)Hafnium and Charles Edward Littlejohn.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2024-12-01.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-01-01.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $21 million (total contract obligations).
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Unclassified documents, Unclassified documents, More than 3,000 files, emails, sensitive organizational data, application data, and Sensitive tax records.
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident were Domain controller (DC)Multiple hostsVMware Horizon server and and and and cloud environments (Microsoft Entra ID, SaaS providers)downstream customer networkscompromised SOHO devices (used as proxies)servers with deployed web shells (Neo-reGeorg, China Chopper) and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was fbi, cisa, , fbi, cisa, intelligence agencies, , crowdstrike (investigation/reporting), .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Termination of contracts.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were sensitive organizational data, Unclassified documents, More than 3,000 files, application data, Sensitive tax records and emails.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 409.0K.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was 12 individuals indicted by the Department of Justice, , Criminal prosecution of Charles Edward Littlejohn.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Custom malware (e.g., CloudedHope RAT) and open-source tools (e.g., Neo-reGeorg) are used for persistence., Need for improved safeguards and monitoring of contractors with access to sensitive data.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Segment cloud environments to limit lateral movement via trusted relationships., Enforce multi-factor authentication (MFA) for all cloud provider accounts, especially those with administrative privileges., Audit and rotate application registration secrets in Entra ID., Promptly patch cloud-facing infrastructure, including zero-day vulnerabilities., Restrict delegated administrative privileges (DAP) and review Admin Agent group memberships., Enhance insider threat detection, implement stricter access controls, and conduct regular audits of contractor activities, Monitor for traffic originating from compromised SOHO devices., Monitor Entra ID logs for anomalous service principal sign-ins., Deploy behavioral detection for web shells (e.g., Neo-reGeorg and China Chopper) and custom malware..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are CrowdStrike Report on Murky Panda/Silk Typhoon, ProPublica, Microsoft Threat Intelligence (Silk Typhoon), Court Documents, U.S. Department of the Treasury and The New York Times.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing (per CrowdStrike and Microsoft reports).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Public statement by Treasury Secretary Scott Bessent, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Organizations relying on cloud/SaaS providers advised to review trust models and monitoring practices.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Log4Shell vulnerability, BeyondTrust software and Remote support software from BeyondTrust.
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Three-month period.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Unpatched VMware Horizon server, Vulnerabilities in remote support software, Flaws in BeyondTrust software, Over-reliance on trusted cloud relationships without sufficient monitoring.Lack of visibility into delegated administrative privileges (DAP) in cloud environments.Delayed patching of zero-day vulnerabilities in cloud-facing infrastructure.Insufficient detection for web shells and custom malware in compromised systems., Inadequate safeguards for sensitive data, insider threat exploitation.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Implement stricter access controls for cloud provider accounts (e.g., least privilege, MFA).Enhance logging and monitoring for Entra ID and other identity providers.Conduct regular audits of third-party cloud provider access and permissions.Deploy advanced threat detection for post-exploitation tools (e.g., RATs, web shells).Isolate SOHO devices from corporate networks to prevent proxy abuse., Termination of contracts with Booz Allen Hamilton.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=us-treasury' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
