US Treasury hacked by Chinese threat actors


A letter from the U.S. Treasury addressed to Senators Sherrod Brown (D-OH) and Tim Scott (R-SC) revealed that Chinese hackers accessed sensitive documents through a third-party vendor providing cybersecurity services to the agency.

The breach was first identified by the cybersecurity firm BeyondTrust, which alerted the Treasury Department on December 8. According to the Treasury, the attackers exploited a stolen key to a cloud-based tech support platform, allowing them to infiltrate employee workstations and access certain unclassified documents. The Treasury classified the state-sponsored attack as a “major incident” under its guidelines.

The attack was attributed to a Chinese advanced persistent threat (APT) group. The hackers reportedly obtained access to a key used by the vendor to secure the platform, enabling them to bypass security measures, remotely access Treasury Departmental Offices (DO) workstations, and retrieve unclassified data from affected users, the letter stated.

In response, the compromised BeyondTrust service was deactivated to prevent further breaches.

John Scott-Railton, a senior researcher at Citizen Lab, University of Toronto, highlighted the incident on X (formerly Twitter), describing how the attackers exploited the platform as a backdoor into Treasury systems. He added, “Given BeyondTrust’s extensive client base, it raises questions about whether other customers were also targeted.”

The letter noted that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) was promptly informed, prompting an official investigation involving the FBI and independent third-party experts.

A BeyondTrust spokesperson told Reuters on Monday that the company had “identified and addressed a security incident in early December 2024” related to its remote support product. Referring to a December 18 update on its website, the company stated it had “notified the limited number of affected customers” and confirmed its ongoing support for the investigation.

Tom Hegel, a threat researcher at SentinelOne, remarked that the incident aligns with a known pattern of operations by groups linked to the People’s Republic of China (PRC). These groups are known to exploit trusted third-party services, a method increasingly prevalent in recent years. However, BeyondTrust has not officially confirmed a connection to PRC-linked actors.

Meanwhile, a spokesperson for the Chinese Embassy in Washington denied any involvement, stating that Beijing “firmly opposes the U.S. smear attacks against China without any factual basis,” according to Reuters.

As of Monday, both CISA and the FBI had declined to comment.
