Chinese state-sponsored cyberattack breaches US Treasury, key documents exposed

US Treasury says Chinese hackers stole documents in ‘major incident’

A major cybersecurity breach has been reported, with a Chinese state-sponsored actor infiltrating US offices and accessing unclassified documents through government software vulnerabilities. The breach, disclosed by the Treasury Department on Monday, highlights the escalating threat of state-sponsored cyberattacks and the pressing need for strengthened cybersecurity measures.

Breach details and discovery

The attack was attributed to a Chinese Advanced Persistent Threat (APT) actor, according to Aditi Hardikar, Assistant Secretary for Management at the US Treasury. The breach was identified on December 8 after a notification from BeyondTrust, a third-party software service provider.

Hackers reportedly used stolen keys to bypass security systems, gaining remote access to bank offices and unencrypted documents. The stolen key, intended for securing a cloud-based technical support service, allowed the attackers to override security protocols and infiltrate certain user workstations within the Treasury Department’s offices.

In a statement, the Treasury Department confirmed, “With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury [Departmental Office] user workstations, and access certain unclassified documents maintained by those users.”

Mitigation and response

The Treasury Department promptly took the affected service offline to prevent further breaches. In collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), law enforcement, and forensic experts, efforts are underway to assess the damage and prevent future incidents.

A Treasury spokesperson stated that there is no evidence of ongoing access by the threat actor. Hardikar emphasized the department’s commitment to thoroughly investigating the breach and determining its overall impact.

Congressional briefing and future measures

The Treasury Department plans to brief the House Financial Services Committee next week to discuss the breach in detail. Officials are working with CISA, the FBI, US intelligence agencies, and third-party investigators to understand the full scope of the intrusion and enhance cybersecurity defenses.

Lessons from the breach

This incident underscores the vulnerabilities inherent in third-party systems integrated into critical government operations. Such breaches, classified as “major cybersecurity incidents” under federal guidelines, serve as stark reminders of the importance of securing these systems.

The Treasury Department and its partners are striving to minimize the breach’s impact while implementing measures to bolster cybersecurity and prevent future incidents.

For all the latest updates, download PGurus App.

The post Chinese state-sponsored cyberattack breaches US Treasury, key documents exposed appeared first on PGurus.