/cdn.vox-cdn.com/uploads/chorus_asset/file/24533979/STK417_banking_money_2.jpg "A high-level cybersecurity breach has been reported at the United States Department of the Treasury: The department’s computer systems were compromised in a hacking incident that occurred earlier this week.")
The U.S. Department of the Treasury disclosed a significant cybersecurity breach when a Chinese state-sponsored actor gained unauthorized access to its third-party remote management software, according to .
The Treasury Department’s correspondence with lawmakers revealed that BeyondTrust, the parent company of its remote management software, disclosed a breach to them on December 8th.
The malicious actor stole a critical key used by BeyondTrust to safeguard a cloud-based service that enables remote technical support for Treasury Departmental Workplaces (DO) end-users. With the key, they circumvented security measures to remotely access these customers’ workstations and accessed “some unclassified documents” stored on them?
Following the attack, the Treasury Department collaborated closely with the Cybersecurity and Infrastructure Safety Agency (CISA) and the Federal Bureau of Investigation (FBI), working in conjunction with officials who attribute the incident to a sophisticated Chinese state-sponsored hacking group known as an Advanced Persistent Threat (APT).
The US Treasury Department has taken the compromised BeyondTrust service offline, with no evidence suggesting the malicious actor still has access to treasury systems or data.
The alleged assault seems to be connected to a preceding safety concern that occurred earlier this month, reportedly having some relevance. The cybersecurity firm BeyondTrust initially attributed the attack to a compromised API key used in its remote assist software, stating it “immediately revoked the API key, notified affected clients, and suspended these sessions the same day.” When reached out to for comment, BeyondTrust did not provide an immediate response.
The Treasury takes a robust approach to address any significant threats to its methods and the sensitive information it possesses.
“In recent years, Treasury has made significant strides in fortifying its cybersecurity defenses, and we will continue collaborating closely with both private and public sector partners to safeguard our financial infrastructure against malicious actors.”