Chinese hackers breach US Treasury systems in major cyberattack
According to American officials, Chinese hackers breached US Treasury systems on Monday, gaining access to workstations and documents in a major cybersecurity incident. The attack was carried out with a security override linked to a key from BeyondTrust, a third-party service provider that offers remote technical support to Treasury employees.
Officials confirmed that the compromised service has been taken offline, and there is no evidence of ongoing access to Treasury data.
The breach was discovered on December 2, but it took BeyondTrust three days to identify the suspicious activity as a hack. The Treasury Department received official notification on December 8. A spokesperson stated that the hackers gained access to several user workstations and some unclassified documents, but the exact nature and sensitivity of the files were not disclosed.
Investigators believe the attack was carried out by a Chinese Advanced Persistent Threat (APT) actor. Treasury officials stated in their letter that, per departmental policy, APT-related intrusions are automatically classified as major cybersecurity incidents.
The Treasury Department has been working with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and third-party forensic investigators to determine the full scope of the breach. The department emphasized its commitment to protecting its systems and data from external threats, stating that such incidents are taken "very seriously."
While the breach seems to have been an act of espionage rather than an attempt at financial theft, officials warned that the hackers might have been able to create accounts or alter passwords during the three days they remained undetected.
The department assured lawmakers that a supplemental report on the breach would be delivered within 30 days, outlining additional details about the incident and its potential consequences.
In response to the allegations, Liu Pengyu, a spokesperson for the Chinese embassy in Washington, dismissed the claims as baseless and politically motivated.
"The US needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats," Liu told journalists.
This breach is the latest in a series of high-profile cyberattacks linked to Chinese espionage hackers. Earlier in December, another attack targeted telecommunications companies, potentially compromising phone record data across the United States.