{"id":201870,"date":"2025-01-23T17:29:06","date_gmt":"2025-01-23T17:46:46","guid":{"rendered":"https:\/\/www.cyberark.com\/podcasts\/ep-70-zero-days-and-high-stakes-the-us-treasury-attack\/"},"modified":"2026-04-03T17:54:20","modified_gmt":"2026-04-03T21:54:20","slug":"ep-70-zero-days-and-high-stakes-the-us-treasury-attack","status":"publish","type":"podcast","link":"https:\/\/www.cyberark.com\/ja\/podcasts\/ep-70-zero-days-and-high-stakes-the-us-treasury-attack\/","title":{"rendered":"EP 70 &#8211; Zero Days and High Stakes: The US Treasury Attack"},"content":{"rendered":"<p>In this episode of Trust Issues, host David Puner dives into the recent high-profile cyberattack on the U.S. Treasury Department. Joined by Andy Thompson, CyberArk Labs&#8217; Senior Offensive Research Evangelist, and Joe Garcia, CyberArk\u2019s Principal DevOps Solutions Engineer, they explore the timeline, details and implications of the attack. Discover proactive security recommendations, insights into zero-day vulnerabilities and the broader impact on federal cybersecurity. Tune in to learn how to help bolster your defenses against future cyber threats.<\/p>\n<p>To read CyberArk Labs&#8217; analysis of the U.S. Treasury attack, check out the teams&#8217; blog, <a href=\"https:\/\/www.cyberark.com\/resources\/blog\/the-us-treasury-attack-key-events-and-security-implications\">&#8220;The US Treasury Attack: Key Events and Security Implications.&#8221;<\/a>\u00a0<\/p>\n<div class=\"transcript\" style=\"white-space:pre-line\">David Puner: You&#8217;re listening to the Trust Issues Podcast. I&#8217;m David Puner, a Senior Editorial Manager at CyberArk, the global leader in identity security.<\/p>\n<p>December has become something of a notorious month for major cyberattacks. In December 2020, there was the landmark SolarWinds attack. 
The following December, attackers exploited a critical vulnerability in a widely used open-source software development library called Log4j, also known as Log4Shell. Then in 2022, it was the disclosure of the LastPass data breach.<\/p>\n<p>Obviously, these are just a few prominent examples. Is it coincidental that these major attacks occurred or came to light during or near the holiday season? Probably not.<\/p>\n<p>According to today\u2019s guests, we\u2019re here to discuss yet another high-profile attack, the details of which started to unfold last month\u2014another unwelcome holiday cyber surprise. This time, an attack on the U.S. Treasury Department along with 16 other BeyondTrust customers, as we&#8217;ve learned in an investigation update published by BeyondTrust since we recorded this podcast conversation.<\/p>\n<p>In this episode, Andy Thompson, CyberArk Labs Senior Offensive Research Evangelist, and Joe Garcia, CyberArk&#8217;s Principal DevOps Solutions Engineer, discuss the U.S. Treasury attack timeline, details, and potential reasons behind it. They also provide proactive security recommendations and insights into broader implications and future threat preparedness.<\/p>\n<p>Quick note: We\u2019re not here to criticize BeyondTrust. Our intention is to learn from this incident, to bolster our collective defenses against future cyber threats, and, in some small way, perhaps help prevent or mitigate the next potential major security event.<\/p>\n<p>So let\u2019s get right to it. Here\u2019s my conversation with Andy Thompson and Joe Garcia.<\/p>\n<p>David Puner: Andy Thompson, Senior Offensive Research Evangelist at CyberArk Labs, and Joe Garcia, DevOps Principal Solutions Engineer at CyberArk, welcome to the show, guys.<\/p>\n<p>Andy Thompson: Good to be back.<\/p>\n<p>Joe Garcia: And hello, Joe. I&#8217;ve been here this whole time. You never asked me to come on. No, I&#8217;m just kidding. 
I&#8217;m very thankful you asked me, and I appreciate being here to be able to hang out with Andy and you.<\/p>\n<p>David Puner: Today, we\u2019re here to discuss yet another major cyber breach. This time, it\u2019s the recent attack on the U.S. Treasury Department, and you guys have been digging deeply into it.<\/p>\n<p>So, to start things off and to give listeners an idea of what this breach is and what happened, Andy, first off, how does CyberArk Labs approach this kind of cybersecurity research and analysis? And then, Joe, we\u2019ll talk to you about your angle on all of it as well.<\/p>\n<p>Andy Thompson: The question is, how did this happen? Through multiple zero-day vulnerabilities? Something that, for all intents and purposes, was unavoidable? How did that cause a breach? You know, that\u2019s something we could talk about.<\/p>\n<p>David Puner: So you guys are thinking like attackers, which we all do here at CyberArk, but CyberArk Labs\u2014that is the mindset, right?<\/p>\n<p>Andy Thompson: Our marching orders are to think like an attacker so that Joe here can become a better defender\u2014understanding the tactics, techniques, and procedures of what a threat actor did.<\/p>\n<p>And again, we\u2019re basing it only purely on publicly available information currently. But once we have this information in hand, Joe can provide us with better guidance as to how to protect against the attacks that we\u2019re seeing in the wild.<\/p>\n<p>David Puner: So, Joe, this is how you approach it. And this is how you and Andy have gotten together on this particular breach.<\/p>\n<p>Joe Garcia: Yeah, absolutely. 
Andy has done a great job of really breaking down the timeline of events of this attack and providing me with all of the details of what transpired.<\/p>\n<p>So really, it\u2019s a great opportunity for me now to adjust my messaging to the different organizations that I engage with on a day-to-day basis\u2014to start ensuring that I am providing them with the different defensive strategies and mitigation strategies they can employ so that this doesn\u2019t happen to them now that we know the zero-days, how they work, and how they can be used in the real world.<\/p>\n<p>David Puner: And I think that\u2019s a great thing to mention at the top of this conversation, which is zero-days.<\/p>\n<p>So for those who may not entirely know, what is a zero-day vulnerability?<\/p>\n<p>Joe Garcia: If you think in terms of, like, the pandemic we just went through\u2014it\u2019s not like it goes from one day of nothing happening to now we\u2019re in a pandemic. There\u2019s always a patient zero\u2014it has to start somewhere.<\/p>\n<p>And in terms of vulnerabilities and exploits, a zero-day is a vulnerability or an exploit that has not been utilized in the wild before, so it\u2019s the first time everyone is seeing it. Meaning, there is no defense for this particular exploit\u2014similar to a patient zero.<\/p>\n<p>So in this case, our patient zero is what we\u2019re going to be talking about today in terms of the exploits that were utilized. But Andy, if you want to add to that, go for it.<\/p>\n<p>Andy Thompson: Well, this isn\u2019t just a regular zero-day. Zero-days come in all shapes, forms, and flavors, but this was an RCE\u2014a remote code execution vulnerability. 
An unauthenticated code injection vulnerability that allowed really anybody from any distance to inject code into an application server.<\/p>\n<p>And not just any application server\u2014an application server that is touching government infrastructure.<\/p>\n<p>This was a pretty nasty remote code execution vulnerability that we\u2019re talking about. And that\u2019s what makes this particular breach so interesting. Typically, we see n-days or just patched vulnerabilities being exploited by random organizations and nation-states too. But you rarely see zero-days in the wild.<\/p>\n<p>So that\u2019s what really brought our attention to this issue.<\/p>\n<p>David Puner: So we&#8217;re sort of talking around what actually happened. Maybe we should get right into the details.<\/p>\n<p>What do we know about this U.S. Treasury Department breach? When did we start getting visibility into it?<\/p>\n<p>Andy Thompson: Visibility started in early December. That\u2019s when they detected some sort of anomalous behavior. Several days later, they confirmed it was malicious in intent.<\/p>\n<p>At that point, they started investigating it as a security incident, bringing in the victim\u2014in this case, the U.S. Treasury Department\u2014making them aware that, yes, they had been compromised.<\/p>\n<p>They didn\u2019t know how at first, just that a threat actor had accessed their systems in early December. But at least a week later, they determined that two separate zero-days had been exploited\u2014the first was an unauthenticated remote code execution vulnerability, and then, a few days later, a second zero-day command injection vulnerability.<\/p>\n<p>And that\u2019s really where we lose visibility into the attack. 
This is where the speculation zone comes in\u2014how the API key was acquired, which allowed the threat actor to pivot from BeyondTrust\u2019s infrastructure into the infrastructure of the Treasury Department.<\/p>\n<p>David Puner: So how did the attackers manage to obtain the API key and get into the Treasury Department, which is obviously a very high-profile target?<\/p>\n<p>Joe Garcia: Unfortunately, that\u2019s something we don\u2019t know today.<\/p>\n<p>All I can really speak to is the most common things we experience when we engage with organizations facing similar challenges.<\/p>\n<p>Andy Thompson: That\u2019s exactly why I wanted to bring you in, Joe. You spend a lot of time with different organizations and have seen where the vulnerabilities tend to be.<\/p>\n<p>So, from a speculation perspective, what could have happened here?<\/p>\n<p>Joe Garcia: Typically, what ends up happening is somebody is just trying to take a shortcut, and the API key gets hardcoded into code.<\/p>\n<p>Maybe the intention was to move that API key eventually to a centralized solution where it could be programmatically retrieved, but it never happened.<\/p>\n<p>That\u2019s the problem with phased approaches\u2014something gets put off until later, but then another priority comes up, and suddenly, what was meant to be temporary becomes permanent.<\/p>\n<p>We don\u2019t know exactly what happened here, but we can assume it was not secured properly.<\/p>\n<p>Had it been secured and programmatically retrieved, the entire timeline of events would have never occurred.<\/p>\n<p>David Puner: Do we know who the attacker is and what their motivation was?<\/p>\n<p>Andy Thompson: The assumption from the federal government is that it was the Chinese government.<\/p>\n<p>How and why? Public data doesn\u2019t say.<\/p>\n<p>And it\u2019s not because of any technical indicators. 
The indicators of compromise that BeyondTrust has provided so far include a handful of IP addresses\u2014four IPv4 and five IPv6\u2014all pointing to U.S.-based infrastructure, specifically in New Jersey.<\/p>\n<p>So, none of the technical evidence provides direct attribution to China. It\u2019s more circumstantial evidence\u2014the timing, what data was exfiltrated, and the modus operandi.<\/p>\n<p>Their playbook is intelligence gathering, and that\u2019s what this attack seems to align with.<\/p>\n<p>David Puner: Do we know what kind of data was taken and what the intention might be?<\/p>\n<p>Andy Thompson: The specifics haven\u2019t been fully disclosed.<\/p>\n<p>But what concerns me most is that the significance of the data is being downplayed.<\/p>\n<p>They\u2019re saying, \u201cIt\u2019s okay, folks, it was unclassified data.\u201d<\/p>\n<p>That doesn\u2019t matter. The amount of data, the sensitivity\u2014especially when we start talking about things like sanctions\u2014this is really damaging stuff.<\/p>\n<p>Whether it\u2019s classified or not is irrelevant.<\/p>\n<p>Joe Garcia: Yeah, I think the terminology is really what we need to focus on in the reports that are coming out.<\/p>\n<p>Anybody familiar with the government\u2019s file classification system knows that \u201cunclassified\u201d can mean a lot of things.<\/p>\n<p>At the lowest level, unclassified non-sensitive documents could be just everyday administrative stuff\u2014like to-do lists or generic memos.<\/p>\n<p>But then you also have unclassified sensitive files, and that\u2019s what was exfiltrated here.<\/p>\n<p>While it may not be classified, it\u2019s still sensitive documentation.<\/p>\n<p>It could include draft orders, early-stage policy documents\u2014things that allow a nation-state to predict future U.S. 
government moves before they happen.<\/p>\n<p>So, just because it\u2019s unclassified doesn\u2019t mean it\u2019s not a big deal.<\/p>\n<p>David Puner: So, Andy, just to cut right through it\u2014what went wrong?<\/p>\n<p>Andy Thompson: So many things, David.<\/p>\n<p>From the application development perspective, zero-days were the root cause. These vulnerabilities, which for all intents and purposes were unavoidable, could have potentially been discovered through better software development lifecycle practices.<\/p>\n<p>But that\u2019s just one piece.<\/p>\n<p>Another major issue was the API key. We don\u2019t know exactly how the attackers got hold of it, but we do know that it was compromised, and that was a major problem.<\/p>\n<p>Then there\u2019s the broader issue of third-party access. A vendor\u2019s infrastructure was exploited, and that opened the door to a government entity\u2019s systems. That\u2019s a problem.<\/p>\n<p>And finally, the attack wasn\u2019t detected soon enough. The timeline of events stretched too long before action was taken.<\/p>\n<p>David Puner: At what point did BeyondTrust become part of this story?<\/p>\n<p>Joe Garcia: I don\u2019t even know that we can place blame anywhere just yet.<\/p>\n<p>We still don\u2019t know how the API key was obtained.<\/p>\n<p>Was it accidentally put into source code and committed to a public repository? Was it written down in a document somewhere? 
We just don\u2019t know.<\/p>\n<p>But what we do know is that BeyondTrust\u2019s SaaS backend\u2014segregated for federal government customers\u2014was accessed using that API key.<\/p>\n<p>That means it should have been treated with a much higher level of scrutiny and security.<\/p>\n<p>Hopefully, a key takeaway from this breach is that when a SaaS-based environment serves federal entities, it needs extra protections\u2014period.<\/p>\n<p>Andy Thompson: And I really think it\u2019s important to go back to a point you made earlier, Joe.<\/p>\n<p>Had proper API key management been in place, regardless of the zero-day vulnerabilities, this attack wouldn\u2019t have happened.<\/p>\n<p>Is that right?<\/p>\n<p>Joe Garcia: That is correct.<\/p>\n<p>Even if we assume some unavoidable security exception allowed the API key to be exposed\u2014just having it expire with a time-to-live mechanism could have prevented all of this.<\/p>\n<p>BeyondTrust actually provided guidance on this.<\/p>\n<p>They advised the U.S. Treasury to implement IP whitelisting, aggressive event monitoring, and secure API key management.<\/p>\n<p>That guidance addressed the initial attack vector. 
But there were still additional defenses that could have been put in place further down the line to stop the attack at later stages.<\/p>\n<p>For example, had they implemented a zero-standing privileges (ZSP) approach, even if the attackers had gained access, there wouldn\u2019t have been accounts with standing privileges for them to exploit.<\/p>\n<p>If endpoint security had been properly configured, unauthorized access from unusual geolocations could have been blocked.<\/p>\n<p>So, while securing the API key was step one, there were multiple opportunities to contain the damage before it escalated.<\/p>\n<p>David Puner: In your conversations with customers and security leaders, what are they asking about this breach?<\/p>\n<p>And what recommendations are you giving them to protect their organizations?<\/p>\n<p>Joe Garcia: This is already coming up a lot.<\/p>\n<p>With all the press and attention this breach is getting\u2014especially since there\u2019s speculation about ties to China\u2014it\u2019s top of mind for a lot of people.<\/p>\n<p>The main advice I\u2019m giving organizations is to immediately audit their third-party SaaS applications, APIs, and vendors.<\/p>\n<p>This doesn\u2019t have to be an external audit\u2014just an internal check to assess where their biggest risks are.<\/p>\n<p>Now is also the time to demand more security accountability from vendors.<\/p>\n<p>Organizations should require vendors to submit to regular security assessments, provide a software bill of materials (SBOM), and prove that they\u2019re securing sensitive assets.<\/p>\n<p>At CyberArk, for example, we provide third-party notices that outline our SBOM. 
Every SaaS vendor should be able to do this.<\/p>\n<p>This kind of proactive risk management strengthens security posture and reduces exposure to attacks like this one.<\/p>\n<p>David Puner: In the CyberArk Labs blog analyzing this attack, there\u2019s mention of these so-called \u201cunwelcome holiday surprises\u201d\u2014breaches that seem to happen year after year during the holiday season.<\/p>\n<p>Why do so many major attacks seem to take place during this time of year? Is it just a coincidence?<\/p>\n<p>Did the timing of this attack in December impact detection and response efforts?<\/p>\n<p>Andy Thompson: There could be some truth to that.<\/p>\n<p>Threat actors often time their attacks for when security teams are understaffed or on holiday breaks, making response times slower.<\/p>\n<p>That said, I don\u2019t necessarily think the timing of this particular attack was intentional. It seemed more opportunistic than strategic.<\/p>\n<p>But we have seen many cases where attackers strike during long weekends or holiday periods to maximize damage before detection.<\/p>\n<p>Joe Garcia: Yeah, I was reading an article the other day about OpenAI\u2019s models slowing down in December.<\/p>\n<p>Apparently, because OpenAI\u2019s models were trained on human-generated internet content, they \u201clearned\u201d that productivity declines in December.<\/p>\n<p>Humans, in general, tend to slow down during this time\u2014there are more vacations, fewer people actively working, and overall less responsiveness.<\/p>\n<p>So attackers might take advantage of that.<\/p>\n<p>Another factor is the widespread moratorium freezes that many organizations put in place at the end of the year.<\/p>\n<p>These freezes prevent changes to systems and limit updates, meaning if an attack happens during that time, there\u2019s less agility to respond.<\/p>\n<p>So it\u2019s not just that people are relaxed\u2014it\u2019s also that organizations are operating in a mode where making major security 
adjustments is much harder.<\/p>\n<p>David Puner: Do we know when the initial attack actually occurred?<\/p>\n<p>Andy Thompson: We know when they detected suspicious activity\u2014early December.<\/p>\n<p>But we don\u2019t know when the initial compromise happened.<\/p>\n<p>It\u2019s very likely that attackers were inside the system much earlier than December 8.<\/p>\n<p>David Puner: And as far as more details being disclosed, is there a point where we just won\u2019t learn anything else?<\/p>\n<p>Andy Thompson: That\u2019s the unfortunate reality.<\/p>\n<p>CISA, BeyondTrust, and other parties involved have largely closed the book on this.<\/p>\n<p>We\u2019re unlikely to get more details\u2014especially when it comes to how exactly the API keys were acquired.<\/p>\n<p>The investigation has moved on, and I doubt we\u2019ll see any further technical disclosures.<\/p>\n<p>David Puner: Now, you guys are hosting a webinar about this breach.<\/p>\n<p>How can people watch it, and what are you going to be covering?<\/p>\n<p>Andy Thompson: Yeah, Joe and I have been going deep into this breach, and we\u2019ll be covering even more in the upcoming webinar.<\/p>\n<p>The blog post we published gives a good overview, but we can only go so far in a written format.<\/p>\n<p>In the webinar, we\u2019ll be able to go more in-depth, including some areas we didn\u2019t cover in this podcast.<\/p>\n<p>Joe is also going to talk about the best practices that were either overlooked or not properly followed.<\/p>\n<p>Joe Garcia: Right\u2014BeyondTrust provided some recommendations, but I think there are still gaps.<\/p>\n<p>At CyberArk, we take a more holistic approach to identity security, and I\u2019ll be diving into the specific controls that could have prevented this breach entirely.<\/p>\n<p>I\u2019ll also be covering how organizations can proactively assess their own environments to make sure they\u2019re not vulnerable to similar attacks.<\/p>\n<p>David Puner: At the end of the day, 
this is all about prevention.<\/p>\n<p>We\u2019re not here to criticize BeyondTrust\u2014we\u2019re here to learn from this and help organizations strengthen their defenses.<\/p>\n<p>Andy Thompson: Exactly.<\/p>\n<p>This isn\u2019t about pointing fingers. It\u2019s about using this as a learning opportunity to improve security across the industry.<\/p>\n<p>David Puner: Well, guys, thanks so much for joining me on the podcast today.<\/p>\n<p>Andy, Joe\u2014always great to have you both here. Looking forward to our next conversation.<\/p>\n<p>Andy Thompson: Thanks, David.<\/p>\n<p>Joe Garcia: Appreciate it!<\/p>\n<p>David Puner: Thanks for listening to Trust Issues.<\/p>\n<p>If you enjoyed this episode, check out our back catalog for more conversations with cybersecurity experts.<\/p>\n<p>Make sure to follow us wherever you get your podcasts, and if you have questions or comments, drop us a line at trustissues@cyberark.com.<\/p>\n<p>See you next time.<\/p><\/div>\n","protected":false},"featured_media":213855,"template":"","class_list":["post-201870","podcast","type-podcast","status-publish","has-post-thumbnail","hentry"],"acf":[]}