CyberSecurity news
djohnson@CyberScoop
//
The US Treasury Department has confirmed a major cyber incident involving Chinese state-sponsored hackers who gained unauthorized access to employee workstations and unclassified documents. The breach occurred after a third-party software provider, BeyondTrust, was compromised, allowing the attackers to obtain a security key used for remote technical support. This key enabled the hackers to bypass security measures and remotely access Treasury systems and exfiltrate sensitive information. The Treasury was notified of the breach on December 8th and has been working with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other agencies to investigate the full impact of the incident.
The compromised BeyondTrust service has since been taken offline, and there is currently no evidence to suggest the threat actors still have access to Treasury systems. The Treasury Department has classified the incident as a “major incident” and has reaffirmed its commitment to bolstering cybersecurity defenses, highlighting the importance of addressing third-party vulnerabilities. The breach follows a series of other recent cyberattacks linked to China, further raising concerns about the security posture of the US government.
References :
- CyberScoop: Treasury workstations hacked by China-linked threat actors
- Federal News Network: Treasury says Chinese hackers remotely accessed workstations, documents in ‘major’ cyber incident
- siliconangle.com: Third-party provider hack exposes US Treasury Department unclassified documents
- www.techmeme.com: Letter: the US Treasury says China-backed hackers gained access to some Treasury workstations and unclassified docs; a vendor notified it of the hack on Dec. 8 (Zack Whittaker/TechCrunch)
- bsky.app: Chinese state-sponsored hackers broke into the U.S. Treasury Department this month and stole documents from its workstations, according to a letter to lawmakers
- Chuck Darwin: US treasury’s workstations breached in cyber-attack by China – report A Chinese state-sponsored actor broke into the US treasury department earlier this month and stole documents from its workstations, according to a letter to lawmakers that was provided to Reuters on Monday.
- www.theguardian.com: US treasury’s workstations breached in cyber-attack by China – report
- techcrunch.com: US Treasury says China accessed government documents in ‘major’ cyberattack
- cyberscoop.com: Treasury workstations hacked by China-linked threat actors
- techcrunch.com: Letter: the US Treasury says China-backed hackers gained access to some Treasury workstations and unclassified docs; a vendor notified it of the hack on Dec. 8 (Zack Whittaker/TechCrunch)
- International homepage: ‘In a letter to 🇺🇸 Senate banking committee seen by the Financial Times, the department said it had been informed on December 8 by software company BeyondTrust that a hacker had breached several remote government workstations by obtaining a security key and had in turn gained access to unclassified documents on them.’
- www.benzinga.com: China-Linked Hackers Breach US Department Of Treasury
- malware.news: Chinese-sponsored hackers accessed Treasury documents in ‘major incident’
- www.cnn.com: CNN: China-backed hackers breached US Treasury workstations.
- Michael West: Treasury says Chinese hackers accessed workstations
- SiliconANGLE: Third-party provider hack exposes US Treasury Department unclassified documents
- www.pymnts.com: Treasury Department Workstations Breached by Hackers via Third-Party Vendor
- www.engadget.com: The US Treasury Department says it was hacked in a China-linked cyberattack
- federalnewsnetwork.com: Treasury says Chinese hackers remotely accessed workstations, documents in ‘major’ cyber incident
- WIRED: US Treasury Department confirms hack by China-backed group.
- bsky.app: The U.S. Treasury announced a major cyberattack linked to a compromised API key from its contractor, BeyondTrust.
- securityonline.info: Treasury Department Hit by Major Cybersecurity Incident, China Suspected
- www.pymnts.com: Treasury Department Workstations Breached by Hackers via Third-Party Vendor
- san.com: Chinese-sponsored hackers behind ‘major’ breach: Treasury Department
- securityaffairs.com: China-linked threat actors breached the U.S. Treasury Department by hacking a remote support platform used by the agency.
- Hong Kong Free Press HKFP: US Treasury says was targeted by China state-sponsored cyberattack.
- The Hacker News: The United States Treasury Department said it suffered a 'major cybersecurity incident' that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents.
- fortune.com: Treasury Department says a China state-sponsored cyberattack gained access to workstations and documents
- securityonline.info: Treasury Department Hit by Major Cybersecurity Incident, China Suspected
- gbhackers.com: US Treasury Department Breach, Hackers Accessed Workstations.
- san.com: Investigators accuse China of hacking U.S. Treasury Department computers.
- blog.gitguardian.com: What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary.
- DataBreaches.Net: Chinese hackers breached Treasury Department workstations, documents in ‘major cybersecurity incident’.
- go.theregister.com: US Treasury Department outs the blast radius of BeyondTrust's key leak
- www.wired.com: US Department Admits It Got by Treasury says accessed “certain documents” in a “major” breach, but experts believe the attack’s impacts could prove to be more significant as new details emerge.
- www.bleepingcomputer.com: US Treasury Department breached through remote support platform L: C: posted on 2024.12.31 at 21:39:28 (c=2, p=3)
- mstdn.social: US Treasury Department breached through remote support platform L: C: posted on 2024.12.31 at 21:39:28 (c=2, p=3)
- OODAloop: What to know about string of US hacks blamed on China
- techhub.social: Sources: Chinese government hackers breached the US Treasury Department's OFAC, which administers economic sanctions, and two other Treasury offices (Washington Post)
- Dataconomy: According to the Washington Post Chinese government hackers compromised the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) in December, targeting intelligence related to economic sanctions, officials reported.
- Carly Page: China-backed hackers reportedly compromised the US Treasury’s highly sensitive sanctions office during December cyberattack
- techcrunch.com: Chinese government hackers targeted the U.S. Treasury’s highly sensitive sanctions office during a December cyberattack, according to reports.
- techcrunch.com: Chinese government hackers targeted US Treasury’s sanctions office during December cyberattack
- Cybernews: On Thursday, it was revealed that PRC-backed hackers behind last month’s US Treasury hack accessed some senior officials' laptops.
- Bloomberg Technology: Sources: China-backed hackers accessed the computers of senior US Treasury officials; the department's email system and classified data were not breached (Bloomberg)
- www.techmeme.com: Sources: China-backed hackers accessed the computers of senior US Treasury officials; the department's email system and classified data were not breached (Bloomberg)
- Techmeme: Sources: China-backed hackers accessed the computers of senior US Treasury officials; the department's email system and classified data were not breached (Bloomberg)
- The Hacker News: CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing
- www.helpnetsecurity.com: CISA says Treasury was the only US agency breached via BeyondTrust -backedattacks 'tmiss
- www.the420.in: Chinese APT Exploits BeyondTrust Vulnerability to Breach U.S. Treasury Systems
- Pyrzout :vm:: CISA says Treasury was the only US agency breached via BeyondTrust -backedattacks 'tmiss
- Help Net Security: CISA says Treasury was the only US agency breached via BeyondTrust
- industrialcyber.co: US Treasury sanctions Beijing’s Integrity Tech for Flax Typhoon cyber intrusions on critical infrastructure
- ciso2ciso.com: CISA: Third-Party Data Breach Limited to Treasury Dept. – Source: www.darkreading.com
- Latest from TechRadar: Chinese cybersecurity firm hit by US sanctions over ties to Flax Typhoon hacking group
Classification: