
Hackers Override Security to Access U.S. Treasury Documents
United States: Chinese state-sponsored hackers breached the U.S. Treasury Department’s safeguards this month and stole documents in what Treasury labeled a huge incident, according to a letter from Treasury to lawmakers that was made available to Reuters on Monday.
Key Access Exploited in Cyberattack
In the attack, the hackers targeted third-party cybersecurity service provider BeyondTrust and obtained unclassified documents, the letter stated.
According to the letter, hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter said.
The Treasury Department said BeyondTrust notified it of the breach on Dec. 8 and noted it is “actively coordinating with CISA and the FBI to determine the scope and severity of the breach.”
Treasury officials did not reply to an email seeking more information on the hack. The FBI declined to comment on the story to Reuters, and CISA referred questions back to the Treasury Department.
China Denies Involvement
“We have been opposed to any kind of hacker attacks,” Mao Ning, a spokesperson for China’s foreign ministry, said during a regular news conference on Tuesday.
A spokesman for the Chinese Embassy in Washington rejected any responsibility for the hack and criticized the U.S. explanation, saying that Beijing “strongly opposes the smear campaigns against China from the U.S. without basis.”
BeyondTrust Responds to Security Incident
A spokesperson for BeyondTrust, based in Johns Creek, Georgia, told Reuters in an email that the company “previously identified and took measures to address a security incident in early December 2024” involving its remote support product. BeyondTrust “notified the limited number of customers who were involved,” and law enforcement was notified, the spokesperson said. “BeyondTrust has been supporting the investigative efforts.”
The spokesperson pointed to a message the company posted on its website on Dec. 8, which offered some information from the investigation and revealed that an electronic key was stolen and an inquiry was launched. That statement was last updated on Dec. 18, as reported by Reuters.
Experts Highlight
The reported security incident “fits a well-documented pattern of operations by PRC-linked groups, with a particular focus on abusing trusted third-party services – a method that has become increasingly prominent in recent years,” according to Tom Hegel, a threat researcher at cybersecurity firm SentinelOne. PRC is an acronym for the People’s Republic of China.