The US Treasury Department confirmed in a letter that cybercriminals gained access to its remote workstations and viewed some unclassified documents.
A joint investigation between the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), intelligence community, and third-party investigators analyzed the incidents and attributed the attack to China.
Given the indicators found and the nature of the incident, China was identified as the suspect.
How did the attack occur?
Reading from the letter: “On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
Although the compromised service has been taken offline, there is no guarantee that the threat actors no longer have access to the system.
The US has been a frequent target of Chinese attacks: Chinese hacker groups previously breached major telecommunications companies in the country, exposing sensitive call data and text messages.
What’s the way forward?
The Treasury classifies the attack as a “major cybersecurity incident” and, as a result, will provide further details in its 30-day supplementary report.