US Treasury targeted in cyberattack by Chinese-backed hacker

The US Treasury Department suffered a major cybersecurity breach orchestrated by a Chinese state-sponsored hacker group that gained unauthorized access through a third-party software provider, according to a letter sent to Congress on Monday. The breach was deemed significant because it was attributed to a state-sponsored actor. BeyondTrust Inc., the third-party software provider, flagged the breach to Treasury on December 8.

The hacker gained access to a key used by BeyondTrust to secure a cloud-based service utilized for providing technical support to Treasury’s Departmental Offices (DO) end users. Following the breach disclosure, the department sought assistance from the Cybersecurity and Infrastructure Security Agency, the FBI, the intelligence community, and third-party forensic investigators to investigate the incident thoroughly.

According to the letter, which was reviewed by Bloomberg News, advanced hackers linked to China were identified as the perpetrators of the intrusion. In response, the Chinese embassy in Washington denied the allegations and condemned what it described as baseless US smear campaigns against China over cybersecurity threats.

BeyondTrust, the software service provider at the center of the breach, holds lucrative contracts with various government agencies, including contracts worth over $4 million with the federal government. Apart from the Treasury Department, BeyondTrust also offers services to the Department of Defense, Department of Veterans Affairs, and the Department of Justice, among others.

A spokesperson for BeyondTrust said that only a limited number of customers were affected by the breach, and that they have been notified and are receiving support. The spokesperson also said that law enforcement agencies have been informed and that the company is fully cooperating with the investigation.

The hacker was able to remotely access certain Treasury workstations and specific unclassified documents maintained by the affected users. The compromised service has been taken offline, and there is no evidence to suggest that the threat actor still has access to Treasury systems or information, according to a Treasury spokesperson.

The breach revelation coincides with ongoing investigations by the White House into a widespread cyber-espionage campaign targeting US telecommunications companies by Chinese state-sponsored hackers. The White House disclosed that nine telecom firms were affected by the attacks, attributed to a group known as Salt Typhoon, which Microsoft Corp. has linked to the Chinese government.

Reports suggest that Chinese hackers spent months infiltrating American telecom networks, surveilling phone calls and text messages of numerous individuals, including former President Donald Trump, his family members, Vice President Kamala Harris’ campaign staff, and others. The alleged espionage activities at US telecoms and the Treasury Department come after a period of relative calm in US-China relations during President Joe Biden’s time in office.

Despite recent diplomatic engagements between Biden and Chinese President Xi Jinping, tensions persist over cybersecurity issues, with the US planning further accountability measures against China following the ban of China Telecom in the country. The situation remains complex as both nations navigate through cybersecurity challenges and strive to maintain stable bilateral relations amid growing concerns over state-sponsored cyber threats.
