BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Summary
Threat actors are actively exploiting CVE-2024-1731, a critical vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products. Exploitation leads to web shell deployment, backdoors, and data exfiltration, posing significant risks to organizations using these products.
IFF Assessment
FOE
Active exploitation of a critical vulnerability is bad news for defenders.
Severity
9.8 (Critical)
Defender Context
Defenders need to urgently patch BeyondTrust RS and PRA systems to address CVE-2024-1731 and scan for signs of compromise, including web shells and unauthorized access. The rapid exploitation of newly disclosed vulnerabilities is a common trend, highlighting the importance of timely patching and vulnerability management programs.