The US Treasury Department has confirmed a cybersecurity breach that allowed Chinese hackers to access employee workstations and unclassified documents remotely. According to an AP report, the department did not provide details on how many workstations had been accessed or what documents the hackers may have obtained.
What the US Treasury Department has to say
In a letter to lawmakers, the US Treasury Department said that “at this time, there is no evidence indicating the threat actor has continued access to Treasury information” and that it is being investigated as a “major cybersecurity incident.”investigating the incident
“Treasury takes all threats against our systems and the data it holds very seriously. Over the last four years, Treasury has significantly bolstered its cyber defence, and we will continue to work with private and public sector partners to protect our financial system from threat actors,” a department spokesperson said.
How ‘Chinese hackers’ managed to access systems and files
The report says the intrusion occurred after hackers compromised a third-party software service provider, BeyondTrust, and gained access to a key to secure remote technical support services.
The Treasury Department learned of the latest problem on December 8 when BeyondTrust flagged that hackers had stolen a key “used by the vendor to secure a cloud-based service used to provide technical support” to workers remotely.
The compromised service has been taken offline, and an investigation is underway involving the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and other relevant authorities.
What China has to say
A foreign ministry spokesperson in Beijing responded to hacking allegations, saying they lack evidence.
“We have repeatedly stated our position on groundless accusations lacking evidence. China consistently opposes all forms of hacking, and we are even more opposed to disseminating false information against China for political purposes,” Mao Ning said.
