US Treasury Department Workstation Hacked By China-Backed Actor

The United States Treasury Department has stated that it was hacked by a Chinese state-sponsored actor who gained access to government workstations and unclassified documents.

The officials were said to have described it as a β€œmajor incident,” as the Treasury Department notified lawmakers on Monday.

According to a letter reviewed by CNN, a Treasury official said it was informed by a third-party software service provider on December 8 that a threat actor used a stolen key to remotely access certain Treasury workstations and unclassified documents.

β€œBased on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor,” Aditi Hardikar, assistant secretary for management at the US Treasury, wrote in the letter.

A Treasury spokesperson said in a statement to CNN that the compromised service has been taken offline and officials are working with law enforcement and the Cybersecurity and Infrastructure Security Agency (CISA).

β€œThere is no evidence indicating the threat actor has continued access to Treasury systems or information,” the Treasury spokesperson said.

Treasury officials plan to hold a classified briefing about the breach next week with staffers from the House Financial Services Committee, a senior committee staffer told CNN. The exact timing of the briefing has not been scheduled yet.

Also Read:  GBAM! Man Flogged In Mosque For Spending Time Alone With Woman Not His WifeΒ 

A spokesperson for China’s Foreign Ministry denied the accusation when asked about the hacking at a regular news briefing on Tuesday.

β€œWe have repeatedly stated our position on such groundless accusations lacking evidence. China has always opposed all forms of cyberattacks, and we are even more opposed to spreading false information about China for political purposes,” said Mao Ning, a spokesperson for the foreign ministry.

According to the letter to Senate Banking Committee leadership, the third-party software service provider, BeyondTrust, said hackers gained access to a key used by the vendor to secure a cloud-based service that Treasury uses for technical support.

β€œWith access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury [Departmental Office] user workstations, and access certain unclassified documents maintained by those users,” the Treasury letter said.

Also Read:  US Government Tells Court Tinubu Is 'CIA Asset', Insists Nigerians Have No Right To Access President’s Past Records

According to the report, BeyondTrust said it identified a security incident that took place on December 2 involving its Remote Support product and notified the β€œlimited number” of customers involved after the company confirmed on December 5 that it had confirmed β€œanomalous behavior” in the product.

It posted information regarding the incident on its website on December 8, and it has been updating its progress in investigating the cause and mitigating future threats. The company said it suspended and quarantined the impacted instances of the product and hired an outside cybersecurity team to investigate.

β€œNo other BeyondTrust products were involved,” a Beyond Trust spokesperson said. β€œLaw enforcement was notified and BeyondTrust has been supporting the investigative efforts.”

It’s not clear exactly how many workstations were infiltrated. However, the Treasury spokesperson said in the statement that β€œseveral” Treasury user workstations were accessed.

Hardikar said in the letter that based on Treasury policy, intrusions attributed to advanced persistent threat actors are considered a β€œmajor cybersecurity incident.” Treasury officials are required to provide an update in a 30-day supplemental report.

Also Read:  GBAM! Woman PoΒ‘sons One-Year-Old Baby To Get Online Donations

It’s not clear if Treasury has fully determined the extent of the damage caused by the breach.

Hardikar wrote in the letter that, in an effort to β€œfully characterize the incident and determine its overall impact,” Treasury has been working with CISA, the FBI, US intelligence agencies and third-party forensic investigators.

β€œCISA was engaged immediately upon Treasury’s knowledge of the attack, and the remaining governing bodies were contacted as soon as the scope of the attack became evident,” the letter said.

WARNING: If You Are Not 18+, Don’t Click The Link Below πŸ‘‡πŸ«£Β 

https://headacheaim.com/kx6iepv2qm?key=6c14bd1d68e1eba721851f19778f5efe

https://zireemilsoude.net/4/5193489

Please don’t forget to β€œAllow the notification” so you will be the first to get our gist when we publish it.
Drop your comment in the section below, and don’t forget to share the post.

Never Miss A Single News Or Gists, Kindly Join Us On WhatsApp Channel:
https://whatsapp.com/channel/0029Vad8g81Eawdsio6INn3B

Telegram Channel:
https://t.me/gistsmateNG

Leave a Reply

Your email address will not be published. Required fields are marked *

Go Up