
FBI Investigates As U.S. Treasury Attack Confirmed

Forbes Innovation, Cybersecurity
Davey Winder, Senior Contributor. Opinions expressed by Forbes Contributors are their own. Davey Winder is a veteran cybersecurity writer, hacker and analyst.
Jan 2, 2025, 07:52am EST

[Image: U.S. Department of the Treasury has been hacked — what you need to know. Credit: Bettmann Archive]

Update, Jan. 2, 2025: This story, originally published Dec. 31, 2024, has been updated with comments from Dr. Raphael Yahalom, a research affiliate at MIT Sloan School of Management specializing in emerging solutions to help reshape the future of cybersecurity.

A Dec. 30 letter to the Committee on Banking, Housing and Urban Affairs from Aditi Hardika, the assistant secretary for management at the U.S. Department of the Treasury, has confirmed that Chinese hackers were able to “access certain unclassified documents” during a Dec. 8 attack. As a joint investigation by the Department of the Treasury and the FBI continues, here’s what we know so far.
FBI Investigation Underway—The U.S. Treasury Hack Timeline

The letter from assistant secretary Hardika, seen by this reporter, provided notice that “the Department of the Treasury has determined that a major incident occurred on December 8, 2024.” Notification of the incident was provided by a third-party software service, BeyondTrust, used by the Treasury.

“A threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices end users,” Hardika said. “With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”

The gap between the U.S. Treasury being notified of the security incident and reporting it to the Committee on Banking, Housing and Urban Affairs would appear to be due to information gathering, which alerted the Treasury to “the scope of the attack.” The Treasury brought in the Cybersecurity and Infrastructure Security Agency immediately after being notified of the attack; the remaining agencies, the FBI, the intelligence community and third-party forensic investigators, were contacted upon realization of the extent of the attack itself.

“Based on available indicators,” Hardika said, “the incident has been attributed to a China state-sponsored Advanced Persistent Threat actor.”

Treasury Inadequately Prepared For Security Incident, MIT Research Affiliate Said

Dr. Raphael Yahalom, a research affiliate at the Sloan School of Management, Massachusetts Institute of Technology, focuses on new evidence-based predictive methods for analyzing and prioritizing cyber-security risks, and for measuring cyber-security progress and business value. “It seems that the Treasury,” Yahalom said, “as most other enterprises and government agencies, was inadequately prepared for such scenarios in multiple important ways.” Those ways, Dr. Yahalom said in an email, included:

- Not identifying BeyondTrust as a potential critical single point of failure and not considering a more decentralized approach to its high-impact ‘privileged access management’ applications.
- Not adequately assessing the likelihood level of such a cyber breach at BeyondTrust, or other key third-party providers, based on analyzing the robustness of their internal end-to-end development and operations processes.
- Not considering the deployment of more advanced private-key-based authentication and reset methods.
- Not assessing systematically all the downstream Treasury asset dependencies that such a third-party compromise could impact, directly or indirectly (beyond unauthorized access to multiple confidential data repositories, similar attack vectors can lead to integrity manipulations in various assets, as well as to multiple operational disruption scenarios).
- Not conducting systematic what-if analysis and testing to determine appropriate levels of resiliency in cases of such cyber compromises of BeyondTrust or other key third parties.

“In general,” Yahalom concluded, “new cyber risk management paradigms are required in the industry that would enable addressing such requirements in a more effective manner.”

I have approached the Treasury for a statement.
FBI And CISA Determine No Evidence Of Continued Access To Treasury Information, China Denies Involvement

A spokesperson for the Chinese Foreign Ministry, Mao Ning, said that Beijing “has always opposed all forms of hacker attacks, and we are even more opposed to the spread of false information against China for political purposes. We have stated our position many times regarding such groundless accusations that lack evidence.”

According to the U.S. Treasury itself, the compromised service from BeyondTrust has been taken offline and, as far as the investigation from CISA and the FBI can determine at this stage, “there is no evidence indicating the threat actor has continued access to Treasury information.”