Chinese Hackers Exploit Vendor Flaw To Breach US Treasury

State-sponsored hackers from China have infiltrated the U.S. Treasury Department, stealing unclassified documents in what officials describe as a “major incident.” The breach, disclosed in a letter to lawmakers, highlights vulnerabilities in third-party cybersecurity providers.

Hackers gained access through BeyondTrust, a cybersecurity vendor used by the Treasury Department. By compromising a key associated with BeyondTrust’s cloud-based technical support service, the hackers bypassed security protocols, enabling remote access to Treasury workstations and documents.

The Treasury Department learned of the breach on December 8 after being notified by BeyondTrust. Officials have since worked with the FBI and CISA to evaluate the extent of the damage. “Treasury takes very seriously all threats against our systems and the data it holds,” the department stated, noting efforts to strengthen cyber defenses over the last four years.

Cybersecurity experts suggest the breach aligns with tactics frequently employed by Chinese hacking groups. Tom Hegel, a researcher at SentinelOne, pointed out that exploiting third-party services is a well-documented method used by groups linked to the People’s Republic of China.

Chinese officials have denied responsibility, accusing the U.S. of making baseless accusations. Meanwhile, BeyondTrust has acknowledged a security incident involving its remote support software, stating that a compromised digital key affected a limited number of clients.

The compromised service has been taken offline, and officials believe the hackers no longer have access to additional Treasury systems.

https://twitter.com/AzoreLure/status/1873837331880567200
