The US Treasury Department suffered a “major” security incident after a state-sponsored hacker from China broke into the third-party remote management software it uses, as previously reported by The New York Times.
In a letter to legislators seen by The Verge, the Treasury Department said BeyondTrust, the company behind its remote management software, notified the agency of a breach on December 8.
The threat actor stole a key used by BeyondTrust “to secure a cloud-based service used to remotely provide technical support to Treasury Departmental Offices (DO) end users.” Using the key, they overrode security to remotely access those users' workstations and “some unclassified documents” they maintained.
The Treasury Department said it worked with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI following the attack, which has been attributed to a state-sponsored Advanced Persistent Threat (APT) hacker from China. “The compromised BeyondTrust service has been taken offline and there is no evidence to indicate that the threat actor has continued to access Treasury systems or information,” US Treasury Department spokesman Michael Gwin said in a statement to The Verge.
The attack appears to be related to a security incident BeyondTrust revealed earlier this month, impacting customers using its remote support software. At the time, BeyondTrust attributed the attack to a compromised API key for its remote support software, adding that it “immediately revoked the API key, notified known affected customers, and suspended those instances on the same day.” The Verge reached out to BeyondTrust for comment but did not immediately receive a response.
“Treasury takes all threats to our systems and the data it holds very seriously,” Gwin said. “Over the past four years, Treasury has significantly strengthened its cyber defense and we will continue to work with public and private sector partners to protect our financial system from threat actors.”