Chinese Hackers Breach U.S. Treasury
Disclosure of the breach comes as the White House continues to investigate what it says is a vast cyber-espionage campaign against US telecommunications
The U.S. Treasury Department disclosed a significant cybersecurity breach attributed to a Chinese state-sponsored actor. The intrusion, described as a "major cybersecurity incident," involved a third-party software service provider, BeyondTrust Inc., according to a letter sent to Congress and reviewed by Bloomberg News.
The Breach: Details and Scope
On December 8, BeyondTrust informed the Treasury Department that a hacker had exploited a key used by the vendor to secure a cloud-based service. This service provided remote technical support for Treasury Departmental Offices (DO) end users. The breach allowed the hacker to access certain Treasury workstations and retrieve unclassified documents.
To mitigate the damage, the Treasury is collaborating with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the intelligence community, and third-party forensic investigators. Treasury officials noted that, based on current information, the advanced threat actor behind the breach has been linked to China.
China Denies Allegations
In response to the Treasury's attribution, the Chinese Embassy in Washington dismissed the claims as baseless. In an emailed statement, the embassy criticized the U.S. for what it described as "smear attacks against China without any factual basis," urging an end to disinformation campaigns about alleged Chinese hacking activities.
BeyondTrust’s Role and Response
BeyondTrust, a cybersecurity firm holding federal contracts worth over $4 million, was at the center of the breach. The company services agencies including the Department of Defense, Department of Justice, and Department of Veterans Affairs, among others. A BeyondTrust spokesperson confirmed that a limited number of customers were affected, all of whom had been notified and were receiving support. The company stated it was working closely with law enforcement and supporting the ongoing investigation.
Government and Agency Reactions
The Treasury Department assured lawmakers that the compromised BeyondTrust service had been taken offline. "There is no evidence indicating the threat actor has continued access to Treasury systems or information," a spokesperson confirmed.
Despite the Treasury’s assurances, other agencies that BeyondTrust services, including the Department of Defense, Department of Justice, and Department of Veterans Affairs, did not immediately respond to requests for comment regarding their potential exposure.
The Broader Cybersecurity Context
This incident emerges against a backdrop of escalating cyber-espionage attributed to Chinese state-sponsored groups. The White House has recently been investigating a sweeping campaign targeting U.S. telecommunications companies, reportedly conducted by a hacking group Microsoft Corp. refers to as Salt Typhoon. The campaign has affected nine telecom firms, raising further concerns about vulnerabilities in critical U.S. infrastructure.
Did they ever stop and think that Beyond Trust is not Trust itself?
CBDCs anyone?