
Chinese State-Backed Hackers Successfully Breach US Treasury Department


The recent breach of the US Department of the Treasury by Chinese state-backed threat actors has raised significant concerns about cybersecurity vulnerabilities within federal agencies. According to a disclosure letter sent to Senate committee members overseeing the agency, the breach is being treated as a major cybersecurity incident due to the involvement of an advanced persistent threat (APT) group.

The breach, which occurred earlier this month, was enabled through a third-party cybersecurity vendor, BeyondTrust. The threat actors were able to gain access to a remote key used by the vendor to secure a cloud-based service utilized by Treasury Departmental Offices (DO) end users. This access allowed the hackers to remotely infiltrate certain workstations and access unclassified documents.

BeyondTrust, a company with a global customer base of over 20,000 organizations, including 75% of Fortune 100 companies, has not yet responded to requests for comment on the incident. The breach was reported to Treasury by BeyondTrust on December 8, prompting an investigation by the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI.

This breach comes at a time when the US government is already dealing with a series of cyberattacks against telecommunications companies orchestrated by Chinese-backed groups like Salt Typhoon. These attacks have targeted call data and text messages of American citizens and have been identified in multiple telecom networks across the country.

The implications of these cybersecurity incidents for US-China relations are significant, especially as the Biden administration prepares for its transition. Lawrence Pingree, vice president of Dispersive, highlighted the difficulty of addressing cyber espionage with Beijing, given the lack of transparency and accountability in its denials of responsibility for such incidents.

The breach also underscores the ongoing threat posed by sophisticated state actors to cybersecurity vendors. Former NSA cyber expert Evan Dornbush noted that this incident adds to a growing list of high-profile breaches involving security firms, including Okta, LastPass, SolarWinds, and Snowflake. The exposure of these vendors highlights the need for stronger security measures and continued vigilance in the face of evolving cyber threats.

As investigations into the Treasury breach continue, cybersecurity experts stress the importance of robust security protocols and collaboration between government agencies and private sector partners to prevent future intrusions. The fallout from this breach may have far-reaching implications for national security and diplomatic relations in the ongoing battle against cyber threats.
