t seems that recently some Chinese hackers that were sponsored by the state managed to break into the U.S. Treasury Department computers earlier this month.
In their letter to the lawmakers, the U.S. Treasury Department stated that earlier in December various hackers supported by the Chinese government gained remote access by compromising the third-party company dealing with cybersecurity, BeyondTrust. This cyberattack gave the hackers free access to numerous unclassified U.S. documents according to the letter.
The U.S. Treasury Department was initially notified by the cybersecurity provider BeyondTrust earlier in December. It should be mentioned that this company is focused on offering various big companies and organizations cybersecurity services offering access to remote tech support along with identity access. Even though the company’s preventive measures seemed effective, hackers somehow gained access to a certain key that was used by the vendor in order to have remote access and tech support.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.", the letter stated.
At that time, the company revealed that was experiencing a cybersecurity event that raised concerns about the document’s safety and security but chose to not disclose how this key was collected by the Chinese hackers. It should be mentioned that this Chinese-linked cyberattack represents the latest event that targeted the U.S. government in the past months.
Subscribe to our newsletter
The U.S. Treasury confirmed in their letter that the breach was linked to a state-sponsored advanced threat group from China. However, the certain group responsible for the intrusion remains unclear for now, and the U.S. Treasury spokesperson refused to provide further information.
"Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,", also the letter specified.
Also in this statement, Michael Gwin the Treasury spokesperson stated that the Chinese-supported hackers accessed remotely various Treasury workstations and obtained many unclassified important documents.
“Treasury takes very seriously all threats against our systems, and the data it holds. Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,”, Michael Gwin stated.
Stay tuned for more U.S. government updates!
By
Bill O'Neill
•
December 31, 2024 1:00 PM
.webp)
