TRIBUNE
The United States Treasury Department has disclosed a significant cybersecurity breach involving a China-backed hacking group, marking what officials have termed a “major incident.”
The breach was revealed in a letter to lawmakers reviewed by CNN, detailing how the attackers gained access to certain Treasury workstations and unclassified documents.
The intrusion came to light on December 8, when a third-party software provider notified the Treasury of a stolen key being used to remotely access the department’s systems.
“Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor,” wrote Aditi Hardikar, assistant secretary for management at the Treasury, in the letter.
In response, the compromised software service was taken offline, according to a Treasury spokesperson. The department has since been collaborating with the Cybersecurity and Infrastructure Security Agency (CISA) and law enforcement to address the breach.
“There is no evidence indicating the threat actor has continued access to Treasury systems or information,” the spokesperson confirmed.
The attack exploited a vulnerability in a cloud-based service provided by BeyondTrust, a software vendor that supports the Treasury’s technical operations. Hackers allegedly used the stolen key to bypass security measures and access the workstations.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury [Departmental Office] user workstations, and access certain unclassified documents maintained by those users,” the letter noted.
While it remains unclear how many workstations were affected, the Treasury acknowledged that “several” were compromised. Officials have classified the incident as a major cybersecurity breach, requiring updates under Treasury policy, including a supplemental report within 30 days.