Chinese State-backed Hackers infiltrate US Treasury Department – Source: www.darkreading.com

Chinese state-backed threat actors successfully compromised the US Department of the Treasury’s systems earlier this month, stealing data from workstations, according to a warning the Treasury Department issued to lawmakers. The breach, attributed to an advanced persistent threat (APT) group, has been classified as a major cybersecurity incident.

The attackers gained unauthorized access to the Treasury’s systems through a third-party cybersecurity vendor, BeyondTrust, by obtaining a remote key the vendor used to secure a cloud-based service that provides technical support to Treasury Departmental Offices (DO) users. With the stolen key, the threat actors were able to bypass the service’s security measures, remotely access specific Treasury DO user workstations, and retrieve certain unclassified documents maintained by those users.

BeyondTrust, with more than 20,000 customers worldwide, including 75% of Fortune 100 organizations, is a prominent provider of privileged remote access tools. The company was made aware of the breach on December 8 and is collaborating with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to investigate the incident. A BeyondTrust advisory stated that the company became aware of a compromised API key on December 5, promptly revoking it. Impacted customers have been notified, and remediation efforts are underway.

The breach, labeled as an ‘epic’ Chinese hack of the US Treasury, highlights Beijing’s ability to infiltrate critical systems within the federal government. This incident follows a series of cyberattacks against US telecommunications companies attributed to Chinese-backed hacking groups like Salt Typhoon, which have infiltrated multiple telecom networks in the US, accessing call data and text messages. The complexity of addressing these cyber espionage activities amidst the transition of administrations poses diplomatic challenges, given Beijing’s customary denial of responsibility for such incidents.

Lawrence Pingree, Vice President of Dispersive, emphasized the importance of managing software API access keys securely to prevent breaches of this magnitude. The breach underscores the vulnerability of cybersecurity vendors to sophisticated state-sponsored threat actors, as highlighted by former NSA cyber expert Evan Dornbush. He noted the increasing frequency of attacks targeting security firms like BeyondTrust, Okta, LastPass, SolarWinds, and Snowflake.

Overall, the breach at the US Department of the Treasury serves as a stark reminder of the evolving cybersecurity threats facing government agencies and the critical need for robust security measures to safeguard sensitive data and infrastructure. Advanced threat actors continue to exploit vulnerabilities in IT ecosystems, underscoring the vigilance and diligence required to mitigate cyber risks effectively in today’s digital landscape.
