Chinese Hackers Breach US Treasury Systems In Major Cyberattack
Chinese state-sponsored hackers gained unauthorized access to U.S. Treasury Department systems earlier this month, stealing unclassified documents in what officials have described as a “major incident.” The breach was facilitated through the compromise of a third-party cybersecurity service provider, BeyondTrust, according to a letter sent to lawmakers obtained by Reuters.
The attackers obtained a digital key that BeyondTrust used to secure a cloud-based service for remote technical support. With that key they were able to override the service's security controls, remotely access Treasury Department workstations, and retrieve certain unclassified documents held by department employees.
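The mechanism above, a vendor's service key being used by someone other than the vendor, is one the vendor's own audit logs can surface: a stolen key is still a valid credential, so the only signal is that it is being used from somewhere, or at some time, it never was before. The following is an added example, not code from the article, from BeyondTrust or from Treasury. It builds a per-key baseline of source networks and hours of use from a training window and flags later events that fall outside it. The log schema, key identifiers, IP ranges and timestamps are all constructed for illustration and are not data from the incident.

```python
"""
Added example (not part of the original article): flag a remote-support
service key used from a source network, or at an hour, never seen for it
during a baseline window. The log format and every value in SAMPLE_LOG
are constructed assumptions, not the vendor's real schema or data.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed audit records: (timestamp, key_id, source_ip, action).
SAMPLE_LOG = [
    ("2024-12-01T09:12:04Z", "rs-key-01", "203.0.113.10", "session.create"),
    ("2024-12-01T11:40:51Z", "rs-key-01", "203.0.113.22", "session.create"),
    ("2024-12-02T08:05:17Z", "rs-key-01", "203.0.113.31", "config.read"),
    ("2024-12-03T10:22:09Z", "rs-key-01", "203.0.113.10", "session.create"),
    # After the baseline window: same key, a network it has never used,
    # at an hour it has never been used.
    ("2024-12-05T02:14:33Z", "rs-key-01", "198.51.100.77", "session.create"),
    ("2024-12-05T02:16:02Z", "rs-key-01", "198.51.100.77", "file.download"),
    # Legitimate-looking use from a known network at a known hour.
    ("2024-12-05T09:30:00Z", "rs-key-01", "203.0.113.22", "session.create"),
]

# Events before this instant are treated as trusted baseline (assumption).
BASELINE_END = datetime.fromisoformat("2024-12-04T00:00:00+00:00")
PREFIX = 24  # collapse source IPs to /24 so a vendor NAT pool counts as one network


def parse_ts(s: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def network_of(ip: str, prefix: int = PREFIX) -> ipaddress.IPv4Network:
    """Map a source address to the /prefix network it belongs to."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def build_baseline(log, baseline_end):
    """Per key: the set of source networks and hours-of-day seen before baseline_end."""
    nets = defaultdict(set)
    hours = defaultdict(set)
    for ts, key, ip, _action in log:
        t = parse_ts(ts)
        if t < baseline_end:
            nets[key].add(network_of(ip))
            hours[key].add(t.hour)
    return nets, hours


def detect(log, baseline_end):
    """Return (timestamp, key, ip, action, reasons) for post-baseline events
    that use a key from an unseen network or at an unseen hour."""
    nets, hours = build_baseline(log, baseline_end)
    alerts = []
    for ts, key, ip, action in log:
        t = parse_ts(ts)
        if t < baseline_end:
            continue
        reasons = []
        net = network_of(ip)
        if net not in nets.get(key, set()):
            reasons.append(f"new source network {net}")
        if t.hour not in hours.get(key, set()):
            reasons.append(f"unusual hour {t.hour:02d}:00 UTC")
        if reasons:
            alerts.append((ts, key, ip, action, reasons))
    return alerts


if __name__ == "__main__":
    for ts, key, ip, action, reasons in detect(SAMPLE_LOG, BASELINE_END):
        print(f"{ts} {key} {ip} {action}: {'; '.join(reasons)}")
```

On the constructed log this flags the two events from 198.51.100.77 and nothing else. The /24 aggregation is a deliberate trade-off: it stops a vendor's rotating NAT addresses from generating noise, at the cost of missing an attacker who relays through the vendor's own egress. That limitation is why this kind of heuristic is a trigger for investigation and key rotation rather than a substitute for them.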
BeyondTrust alerted the Treasury Department to the breach on December 8. Treasury has since worked with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the extent of the breach. “Treasury takes very seriously all threats against our systems and the data it holds,” the department stated in its letter, adding that it has “significantly bolstered” its cybersecurity defenses over the past four years.
The attack fits a pattern that cybersecurity researchers associate with Chinese state-sponsored hacking groups. Tom Hegel, a threat expert at SentinelOne, said the breach aligns with their known tactics, in particular the abuse of trusted third-party services to reach their targets.
The Chinese Embassy in Washington has denied involvement, claiming Beijing “firmly opposes the U.S.’s smear attacks against China without any factual basis.” Meanwhile, BeyondTrust has confirmed a security incident involving a limited number of customers, though it has not specifically linked its breach to the Treasury hack.
The compromised service has been taken offline, and officials believe the hackers no longer have access to additional department information. Federal agencies, however, remain on high alert for further potential cybersecurity risks.