The US Treasury Department suffered a “major” security incident after a Chinese state-sponsored hacker broke into third-party remote management software it uses, as first reported by The New York Times.
In a letter to lawmakers seen by The Verge, the Treasury Department said that BeyondTrust, the company behind its remote management software, notified the agency of a breach on December 8.
The threat actor stole a key used by BeyondTrust “to secure a cloud-based service used to remotely provide technical support for end users of the Departmental Offices of the Treasury (DO).” With the key, they bypassed the service's security to remotely access those users’ workstations and “some unclassified documents” they kept.
The Treasury Department said it was working with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI after the attack, which was attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor. “The compromised BeyondTrust service has been taken offline and there is no evidence to indicate that the threat actor has continued access to Treasury systems or information,” US Treasury Department spokesperson Michael Gwin said in a statement to The Verge.
The attack appears to be related to a security incident BeyondTrust disclosed earlier this month, which affected customers using its remote support software. At the time, BeyondTrust attributed the attack to a compromised API key for its remote support software, adding that it “immediately revoked the API key, notified known affected customers, and suspended those cases the same day.” The Verge reached out to BeyondTrust with a request for comment, but the company did not immediately respond.
“Treasury takes all threats against our systems, and the data they contain, very seriously,” Gwin said. “Over the past four years, the Treasury has significantly strengthened its cyber defenses, and we will continue to work with private and public sector partners to protect our financial system from threat actors.”