
SoylentNews is people

posted by hubie on Saturday January 04, @07:58AM

Arthur T Knackerbracket has processed the following story:

According to a letter from the U.S. Treasury Department to lawmakers revealed on Monday, Dec. 30, Chinese-backed hackers successfully infiltrated the department’s systems and stole government documents this month.

The breach, first reported by Reuters, highlights yet another instance of state-sponsored cyber espionage targeting U.S. government employees — just moments after AT&T and Verizon finally dealt with Salt Typhoon. In a statement to Senator Sherrod Brown, chair of the Committee on Banking, Housing, and Urban Affairs, the Treasury confirmed that the attack occurred in December.

In the letter, the department states that the breach was flagged by a third-party cybersecurity vendor, BeyondTrust, which discovered that the attackers had compromised a key used to secure a cloud-based service. That service was integral to providing remote technical support to end users within the department's offices.

"With access to the stolen key, the threat actor was able [to] override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users," the letter reads.

The Treasury revealed it was alerted to the breach on Dec. 8 and is collaborating with the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to evaluate the scope of the incident. Reuters reports that the FBI has yet to respond to requests for comment, while CISA redirected inquiries back to the Treasury.



 
This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 5, Insightful) by Snospar (5366) on Saturday January 04, @05:52PM (#1387443)

    That summary is a bit misleading as the breach wasn't just "flagged" by BeyondTrust, they were the vendor who was compromised. It was their compromised key that was used to access the government systems. The key was used to secure a cloud-based service that could remotely access Treasury workstations... so quite an important thing to keep secure then!

    I'm sure any fallout on the vendor will be minimal and they can always "go bankrupt" and pop up next week as "BeyondBelief" security.

    --
    Huge thanks to all the Soylent volunteers without whom this community (and this post) would not be possible.