CyberSecurity news

FlagThis - #chinahack

djohnson@CyberScoop //
The US Treasury Department has confirmed a major cyber incident involving Chinese state-sponsored hackers who gained unauthorized access to employee workstations and unclassified documents. The breach occurred after a third-party software provider, BeyondTrust, was compromised, allowing the attackers to obtain a security key used for remote technical support. This key enabled the hackers to bypass security measures and remotely access Treasury systems and exfiltrate sensitive information. The Treasury was notified of the breach on December 8th and has been working with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other agencies to investigate the full impact of the incident.

The compromised BeyondTrust service has since been taken offline, and there is currently no evidence to suggest the threat actors still have access to Treasury systems. The Treasury Department has classified the incident as a “major incident” and has reaffirmed its commitment to bolstering cybersecurity defenses, highlighting the importance of addressing third-party vulnerabilities. The breach follows a series of other recent cyberattacks linked to China, further raising concerns about the security posture of the US government.



References :
  • CyberScoop: Treasury workstations hacked by China-linked threat actors
  • Federal News Network: Treasury says Chinese hackers remotely accessed workstations, documents in ‘major’ cyber incident
  • siliconangle.com: Third-party provider hack exposes US Treasury Department unclassified documents
  • Techmeme: Letter: the US Treasury says China-backed hackers gained access to some Treasury workstations and unclassified docs; a vendor notified it of the hack on Dec. 8 (Zack Whittaker/TechCrunch)
  • bsky.app: Chinese state-sponsored hackers broke into the U.S. Treasury Department this month and stole documents from its workstations, according to a letter to lawmakers
  • Chuck Darwin: US treasury’s workstations breached in cyber-attack by China – report A Chinese state-sponsored actor broke into the US treasury department earlier this month and stole documents from its workstations, according to a letter to lawmakers that was provided to Reuters on Monday.
  • www.theguardian.com: US treasury’s workstations breached in cyber-attack by China – report
  • techcrunch.com: US Treasury says China accessed government documents in ‘major’ cyberattack
  • International homepage: ‘In a letter to 🇺🇸 Senate banking committee seen by the Financial Times, the department said it had been informed on December 8 by software company BeyondTrust that a hacker had breached several remote government workstations by obtaining a security key and had in turn gained access to unclassified documents on them.’
  • www.benzinga.com: China-Linked Hackers Breach US Department Of Treasury
  • malware.news: Chinese-sponsored hackers accessed Treasury documents in ‘major incident’
  • www.cnn.com: CNN: China-backed hackers breached US Treasury workstations.
  • Michael West: Treasury says Chinese hackers accessed workstations
  • www.pymnts.com: Treasury Department Workstations Breached by Hackers via Third-Party Vendor
  • www.engadget.com: The US Treasury Department says it was hacked in a China-linked cyberattack
  • WIRED: US Treasury Department confirms hack by China-backed group.
  • bsky.app: The U.S. Treasury announced a major cyberattack linked to a compromised API key from its contractor, BeyondTrust.
  • securityonline.info: Treasury Department Hit by Major Cybersecurity Incident, China Suspected
  • san.com: Chinese-sponsored hackers behind ‘major’ breach: Treasury Department
  • securityaffairs.com: China-linked threat actors breached the U.S. Treasury Department by hacking a remote support platform used by the agency.
  • Hong Kong Free Press HKFP: US Treasury says was targeted by China state-sponsored cyberattack.
  • The Hacker News: The United States Treasury Department said it suffered a 'major cybersecurity incident' that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents.
  • Fortune | FORTUNE: Treasury Department says a China state-sponsored cyberattack gained access to workstations and documents
  • gbhackers.com: US Treasury Department Breach, Hackers Accessed Workstations.
  • SAN: Investigators accuse China of hacking U.S. Treasury Department computers.
  • blog.gitguardian.com: What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary.
  • DataBreaches.Net: Chinese hackers breached Treasury Department workstations, documents in ‘major cybersecurity incident’.
  • go.theregister.com: US Treasury Department outs the blast radius of BeyondTrust's key leak
  • www.wired.com: US Treasury Department Admits It Got Hacked by China: Treasury says hackers accessed “certain documents” in a “major” breach, but experts believe the attack’s impacts could prove to be more significant as new details emerge.
  • www.bleepingcomputer.com: US Treasury Department breached through remote support platform
  • Hacker News: US Treasury Department breached through remote support platform
  • OODAloop: What to know about string of US hacks blamed on China
  • Techmeme: Sources: Chinese government hackers breached the US Treasury Department's OFAC, which administers economic sanctions, and two other Treasury offices (Washington Post)
  • Dataconomy: According to the Washington Post Chinese government hackers compromised the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) in December, targeting intelligence related to economic sanctions, officials reported.
  • Carly Page: China-backed hackers reportedly compromised the US Treasury’s highly sensitive sanctions office during December cyberattack
  • techcrunch.com: Chinese government hackers targeted the U.S. Treasury’s highly sensitive sanctions office during a December cyberattack, according to reports.
  • techcrunch.com: Chinese government hackers targeted US Treasury’s sanctions office during December cyberattack
  • Cybernews: On Thursday, it was revealed that PRC-backed hackers behind last month’s US Treasury hack accessed some senior officials' laptops.
  • Bloomberg Technology: Sources: China-backed hackers accessed the computers of senior US Treasury officials; the department's email system and classified data were not breached (Bloomberg)
  • The Hacker News: CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing
  • www.the420.in: Chinese APT Exploits BeyondTrust Vulnerability to Breach U.S. Treasury Systems
  • Pyrzout :vm:: CISA says Treasury was the only US agency breached via BeyondTrust
  • Help Net Security: CISA says Treasury was the only US agency breached via BeyondTrust
  • industrialcyber.co: US Treasury sanctions Beijing’s Integrity Tech for Flax Typhoon cyber intrusions on critical infrastructure
  • ciso2ciso.com: CISA: Third-Party Data Breach Limited to Treasury Dept. – Source: www.darkreading.com
  • Latest from TechRadar: Chinese cybersecurity firm hit by US sanctions over ties to Flax Typhoon hacking group
MalBot@malware.news //
The US Treasury Department has sanctioned a Chinese cybersecurity firm, Sichuan Juxinhe Network Technology Co., and a Shanghai-based hacker, Yin Kecheng, for their involvement in significant cyberattacks. These attacks compromised sensitive systems at the Treasury Department and at major US telecommunication companies and ISPs. Sichuan Juxinhe is linked to the Salt Typhoon hacking group, which has infiltrated numerous US telecom companies and ISPs, intercepting sensitive data from high-value political officials and communication platforms. Yin Kecheng, connected to the Chinese Ministry of State Security (MSS), is associated with the recent breach of the Treasury's network, which affected systems involved in sanctions and foreign investment reviews.

The Treasury's systems, including those used by Secretary Janet Yellen, were accessed during the breach, resulting in the theft of over 3,000 files. The stolen data included policy documents, organizational charts, and information on sanctions and foreign investment. The cyber activity has been attributed to the Salt Typhoon group, alongside a related group known as Silk Typhoon (formerly Hafnium), which exploited vulnerabilities in Microsoft Exchange Server and used compromised APIs. The Treasury Department stated that it will continue using its authority to hold accountable malicious actors who target the American people and the US government.



References :
  • malware.news: US Sanctions Chinese firm behind sweeping Salt Typhoon telecom hacks
  • The Hacker News: U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon
  • BleepingComputer: US sanctions Chinese firm, hacker behind telecom and Treasury hacks
  • ciso2ciso.com: US Sanctions Chinese Hacker & Firm for Treasury, Critical Infrastructure Breaches – Source: www.darkreading.com
  • ciso2ciso.com: US sanctions Chinese hacker & firm for Treasury, critical infrastructure breaches
  • U.S. Treasury: Treasury's OFAC is sanctioning Yin Kecheng, a Shanghai-based cyber actor who was involved with the recent Department of the Treasury network compromise.
  • ciso2ciso.com: U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon – Source:thehackernews.com
  • securityaffairs.com: U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
  • ciso2ciso.com: Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network – Source: www.securityweek.com
  • ciso2ciso.com: The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach.
  • www.tomshardware.com: News report on Chinese hackers infiltrating US Treasury Secretary's PC and gaining access to over 400 PCs.
  • www.nextgov.com: US Treasury Department sanctions imposed for Salt Typhoon's involvement.
  • www.nextgov.com: The Treasury Department's sanctions follow a major hack targeting telecommunications companies and potentially impacting high-value political officials.
  • Threats | CyberScoop: Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks.
  • thecyberexpress.com: U.S. Treasury sanctions Salt Typhoon hackers
  • www.csoonline.com: The US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking.
  • Security Affairs: The US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., LTD.
  • Security Boulevard: U.S. Treasury Sanctions Chinese Individual, Company for Data Breaches
Classification:
  • HashTags: #CyberAttack #Sanctions #ChinaCyberEspionage
  • Company: US Treasury
  • Target: US Treasury
  • Attacker: Chinese APT
  • Product: US Treasury Network
  • Feature: network compromise
  • Malware: PlugX
  • Type: Espionage
  • Severity: Major
Pierluigi Paganini@securityaffairs.com //
The Belgian federal prosecutor's office is currently investigating a significant data breach of its state security service (VSSE), allegedly perpetrated by Chinese government hackers. The breach, which targeted the VSSE's external mail server, occurred between 2021 and 2023 and exploited a vulnerability in Barracuda's Email Security Gateway Appliance. This incident is considered a severe security lapse and has prompted a formal inquiry by Belgian authorities.

Approximately 10% of the VSSE's staff emails were stolen during the two-year period. While classified data remained secure, the personal information of nearly half the Belgian service's members may have been compromised, the newspaper reported.

The Chinese Embassy in Belgium has dismissed the allegations as "false information".



References :
  • DataBreaches.Net: Belgian prosecutor probes alleged Chinese hacking of intelligence service
  • gbhackers.com: Chinese Hackers Breach Belgium State Security Service as Investigation Continues
  • Carly Page: The Belgian federal prosecutor's office confirmed to TechCrunch on Friday that it is investigating an alleged data breach of its state security service (VSSE) by Chinese government hackers. The hackers reportedly exploited a Barracuda ESG vulnerability to access VSSE’s external mail server between 2021 and 2023
  • securityaffairs.com: China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails
  • The420.in: China’s Cyber Espionage Skyrockets: 150% Surge in Attacks Uncovered
  • securityaffairs.com: Belgian authorities are investigating Chinese hackers for breaching its State Security Service (VSSE), stealing 10% of emails from 2021 to May 2023.
Classification:
  • HashTags: #cyberespionage #ChinaHack #DataBreach
  • Company: Belgium State Security Service (VSSE)
  • Target: Belgian State Security Service (VSSE)
  • Attacker: China-linked threat actors
  • Product: Barracuda ESG
  • Feature: email theft
  • Type: Espionage
  • Severity: Major