Chinese state-backed hackers have compromised US Treasury computers and accessed unclassified information, after targeting a third-party cybersecurity vendor, it has emerged.
The Treasury confirmed the news in a letter to the Senate Committee on Banking, Housing and Urban Affairs, dated December 30 and shared widely on X (formerly Twitter).
“On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users,” the letter revealed.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
Read more on US government breaches: Massive Telecom Hack Exposes US Officials to Chinese Espionage
The Treasury said it immediately enlisted the help of the Cybersecurity and Infrastructure Security Agency (CISA), alongside the FBI, intelligence services and third-party investigators, and attributed the attack to “a China state-sponsored Advanced Persistent Threat (APT) actor.”
The compromised BeyondTrust service was taken offline and the Treasury claimed that there’s no evidence to suggest the threat actors have continued access to its networks or sensitive data.
However, Citizen Lab senior researcher John Scott-Railton voiced concerns over the scope of the attack.
“The analogy is: hacker breaks into your plumber’s office and steals master keys to the buildings they service,” he explained on X. “Given BeyondTrust’s big client list, makes one wonder if other customers were targeted.”
No tags.
