US Treasury Department Hit by Chinese Hackers in ‘Major Incident’

A China-backed threat actor accessed workstations and unclassified documents of US Treasury Department employees, The New York Times reports. 

In a letter to Senate Banking Committee leaders on Monday, Treasury said it was notified of the cyberattack on Dec. 8 by BeyondTrust, a third-party software service provider.

Hackers stole a security key used by the vendor to provide remote technical support to Treasury Departmental Offices (DO) end users, which they used to “override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users,” Aditi Hardikar, Assistant Secretary for Management at the Treasury Department, wrote to Sens. Sherrod Brown and Tim Scott.

“The compromised BeyondTrust service has been taken offline, and at this time, there is no evidence indicating the threat actor has continued access to Treasury information,” Hardikar adds.

Treasury has deemed the attack a “major incident” and—with assistance from the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and third-party forensic investigators—has attributed it to “a China state-sponsored Advanced Persistent Threat (APT) actor.”

The Treasury Department did not immediately respond to a request for comment, but in a statement to NBC News, it says: “Treasury takes very seriously all threats against our systems and the data it holds. Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,” the statement reads in part.

In her letter, Hardikar argues that “the investments we have made [with money] provided under the Cybersecurity Enhancement Account (CEA) have helped ensure we have strong incident processes and access to detailed logs to support our incident response efforts.”

President Biden’s FY 2025 budget proposal includes $150 million for CEA, which “will be used as a centralized account for the design, development, and evolution of enterprise-wide cybersecurity capabilities and services.”

As the agency notes in that budget proposal, “Treasury is constantly being targeted by a large array of threat actors, including nation-states and criminal syndicates.” That includes the SolarWinds hack in 2020, when Russian state-sponsored hackers hit several federal agencies, including DHS and the State, Commerce, and Treasury Departments.

More recently, officials have been focused on a Chinese state-sponsored hacking group, Salt Typhoon, which has breached at least nine US telecom companies to spy on the communications of top politicians and government officials.

SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.”,”first_published_at”:”2021-09-30T21:22:09.000000Z”,”published_at”:”2022-03-24T14:57:33.000000Z”,”last_published_at”:”2022-03-24T14:57:28.000000Z”,”created_at”:null,”updated_at”:”2022-03-24T14:57:33.000000Z”})” x-show=”showEmailSignUp()” x-intersect.once=’window.trackGAImpressionEvents(“pcmag-on-site-newsletter-block”, “SecurityWatch”, $el)’ readability=”32.838445807771″>

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links.
By clicking the button, you confirm you are 16+ and agree to our
Terms of Use and
Privacy Policy.
You may unsubscribe from the newsletters at any time.

About Jibin Joseph

Contributor

Jibin is a tech news writer based out of Ahmedabad, India. Previously, he served as the editor of iGeeksBlog and is a self-proclaimed tech enthusiast who loves breaking down complex information for a broader audience.

Read Jibin’s full bio

Read the latest from Jibin Joseph