Chinese hackers breach US treasury via third-party software
The United States Treasury Department reported a cyberattack that allowed hackers, allegedly sponsored by Chinese authorities, to access department employees' computers via third-party software. According to NBC News, authorities described the situation as a "major incident."
The attackers gained access to the Treasury Department systems through BeyondTrust, a cybersecurity services provider offering remote technical support. By compromising a security key used by BeyondTrust, the hackers bypassed security measures and gained access to user workstations.
A third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users – it was stated in a letter to Senators Sherrod Brown and Tim Scott.
China reacts to the allegations
According to NBC News, Chinese authorities categorically denied the accusations. "China consistently opposes all forms of hacking and is firmly against the spread of false information targeting China for political purposes," declared Mao Ning, spokeswoman for the Chinese Ministry of Foreign Affairs.
U.S. authorities, including the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and forensic specialists, are working on a full assessment of the incident and its potential implications.
According to NBC News, a Treasury Department spokesperson assured that "the compromised BeyondTrust service has been taken offline" and that "no evidence indicates the threat actor has continued access to Treasury systems or information. "
Treasury takes very seriously all threats against our systems, and the data it holds. Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors – it was added in the statement.
