Chinese state-sponsored hackers breached the U.S. Treasury Department’s computer security guardrails this month and stole documents in what Treasury called a ‘major incident.’
Treasury officials sounded the alarm about the breach in a letter to lawmakers on Monday in the latest suspected Chinese hack on American technology and officials.
The hackers compromised third-party cybersecurity service provider BeyondTrust and were able to access unclassified documents, the letter said.
According to the letter, hackers ‘gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.
With access to the stolen key, the threat actor was able to override the service´s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.’
The Treasury Department said it was alerted to the breach by BeyondTrust on Dec. 8 and that it was working with the U.S. Cybersecurity and Infrastructure Security Agency and the FBI to assess the hack’s impact.
It said the hack was being investigated as a ‘major cybersecurity incident.’
‘Treasury takes very seriously all threats against our systems, and the data it holds,’ a department spokesperson said in a separate statement.
Chinese state-sponsored hackers breached the U.S. Treasury Department’s computer security guardrails this month and stole documents in what Treasury called a ‘major incident.’ Pictured: Chinese President Xi Jinping
Treasury officials sounded the alarm about the breach in a letter to lawmakers that on Monday in the latest suspected Chinese hack on American technology and officials. Pictured: U.S. Treasury Secretary Janet Yellen
‘Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors.’
Treasury officials didn’t immediately respond to an email seeking further details about the hack.
The FBI did not immediately respond to Reuters’ requests for comment, while CISA referred questions back to the Treasury Department.
A spokesperson for the Chinese Embassy in Washington rejected any responsibility for the hack, saying that Beijing ‘firmly opposes the U.S.’s smear attacks against China without any factual basis.’
BeyondTrust, based in Johns Creek, Georgia, did not immediately respond to requests for comment, but on its website, the company said it had recently identified a security incident that involved a limited number of customers of its remote support software.
The statement said a digital key had been compromised in the incident and that an investigation was under way.
Tom Hegel, a threat researcher at cybersecurity company SentinelOne, said it appeared the security incident described by BeyondTrust aligns closely with the reported hack at Treasury, though he cautioned that the company itself would need to confirm any connection.
‘This incident fits a well-documented pattern of operations by PRC-linked groups, with a particular focus on abusing trusted third-party services – a method that has become increasingly prominent in recent years,’ he said, using an acronym for the People’s Republic of China.
The Treasury Department said it was alerted to the breach by BeyondTrust on Dec. 8 and that it was working with the U.S. Cybersecurity and Infrastructure Security Agency and the FBI to assess the hack’s impact
American flags are displayed with Chinese flags on top of a trishaw
The revelation comes as U.S. officials are continuing to grapple with the fallout of a massive Chinese cyberespionage campaign known as Salt Typhoon that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans.
The cyberespionage campaign surfaced this year when hackers attacked networks of several telecommunications companies.
The hackers used their access to target the metadata of a large number of customers, including information on the dates, times and recipients of calls and texts.
They also succeeded in retrieving the actual audio files of calls and content from texts from a much smaller number of victims.
Despite months of investigation, the true scale of China‘s operation, including the total number of victims or whether the hackers still have some access to information, is currently unknown.
Several recent high-profile hacking incidents have been linked to China and what officials say is Beijing’s effort to steal technical and government secrets while also gaining access to critical infrastructure such as the electrical grid.
In September, the FBI announced that it had disrupted a vast Chinese hacking operation that involved the installation of malicious software on more than 200,000 consumer devices, including cameras, video recorders and home and office routers.
The devices were then used to create a massive network of infected computers, or botnet, that could then be used to carry out other cyber crimes.
In September, the FBI announced that it had disrupted a vast Chinese hacking operation that involved the installation of malicious software on more than 200,000 consumer devices, including cameras, video recorders and home and office routers
A new report claimed that Todd Blanche’s cellphone was hacked months ago by Chinese cybercriminals. The FBI refused to comment on the matter. Blanchard is the criminal attorney of President-elect Donald Trump
In October, officials said hackers linked to China targeted the phones of then-presidential candidate Donald Trump and his running mate, Sen. JD Vance, along with people associated with Democratic candidate Vice President Kamala Harris.
China has rejected accusations from US officials that it engages in cyberespionage directed against Americans.
The nation’s government ‘firmly opposes and combats all kinds of cyber attacks,’ spokesperson Liu Pengyu wrote in a statement emailed to The Associated Press. ‘The US needs to stop its own cyberattacks against other countries and refrain from using cyber security to smear and slander China.’
A top White House official said Friday that the number of telecommunications companies affected by the hack has now risen to nine.
