
The US Treasury Department has been the victim of a major security breach. According to reports, a China-based threat actor gained access to several employee workstations and unclassified documents. The incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor.
In a letter seen by The Verge, the Treasury Department stated that BeyondTrust, the company behind its remote management software, notified it of the breach on December 8th. It is alleged that the hackers stole a key used by BeyondTrust to secure a cloud-based service that provides technical support for Treasury Departmental Offices (DO) end users.
With this key, the attackers were able to remotely access the workstations and obtain some unclassified documents maintained by these employees. The Treasury Department has confirmed that it worked closely with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI following the attack.
Fortunately, it seems that no evidence has been found indicating the threat actor still has access to Treasury systems or information. In response to this incident, a spokesperson for the department stated, “The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to Treasury systems or information.”
This breach appears to be linked to a security incident that BeyondTrust disclosed earlier in the month. At the time, the company attributed the attack to a compromised API key for its remote support software. BeyondTrust suspended affected instances and notified impacted customers on the same day.
In response to this incident, the Treasury Department emphasized the importance of cybersecurity, stating, “Treasury takes very seriously all threats against our systems, and the data it holds.” The department went on to say that over the last four years it has significantly bolstered its cyber defense, and that it will continue to work with both private and public sector partners to protect the financial system from threat actors.
Source: www.theverge.com