Chinese-sponsored hackers accessed Treasury documents in ‘major incident’
The letter addressed to leaders on the Senate Banking Committee says that on Dec. 8 BeyondTrust, a provider of cloud security services, alerted Treasury to a breach where hackers had obtained a key used to secure a cloud-based service for remotely supporting Treasury Departmental Offices users.
Using the stolen key, the attacker bypassed the service’s security, remotely accessed Treasury workstations and retrieved certain unclassified documents stored by those users.
“The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to Treasury systems or information,” the agency said in a statement.
“Treasury takes very seriously all threats against our systems, and the data it holds. Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,” it adds.
Agence France-Presse, the French international news agency, first reported the hack. The letter says that, according to available indicators, “the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor.” The specific hacking unit is not named.
APT is a moniker used in the cybersecurity community to denote hacking collectives that operate with advanced technical capabilities and persistent attack strategies, often with the financial backing of nation-states.
Treasury has been in contact with the intelligence community, the FBI and the Cybersecurity and Infrastructure Security Agency regarding the incident. CISA referred Nextgov/FCW to Treasury for comment, while the FBI and BeyondTrust did not immediately return requests for comment.
A Chinese embassy spokesperson vehemently denied the contents of the letter and said China firmly opposes U.S. “smear attacks” against China. “The U.S. needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats,” spokesperson Liu Pengyu said in a statement.
Pengyu added that, during a meeting between President Biden and President Xi Jinping in Peru at the APEC Summit last month, Xi said there’s “no evidence that supports the irrational claim of the so-called ‘cyberattacks from China.’”
Biden raised the question of hacking to Xi following a sweeping China-tied intrusion in U.S. telecommunications systems that has unfolded over the past couple of months and has not been fully eradicated.
Those telecom hacks, from a group dubbed Salt Typhoon by cybersecurity researchers, have hit nine providers in the U.S. and dozens of others abroad, and have targeted key political figures in the D.C. beltway.