According to the U.S. Treasury Department, a state-sponsored Chinese hacking group gained access to Treasury employees’ desktop computers through third-party software in what it is referring to as “a major incident.”
The U.S. Department of the Treasury’s assistant secretary for management, Aditi Hardikar, told NBC News in a letter that the agency was informed of the breach on December 8. Sen. Sherrod Brown, D-Ohio, and Sen. Tim Scott, R-S.C., the chairman and ranking member of the Committee on Banking, Housing, and Urban Affairs, respectively, are the recipients of the letter.
Hardikar stated that the Treasury Department was informed by “a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.”
This access allowed the “threat actor” to bypass security protocols and get access to the workstations of department office users. The “threat actor” obtained unclassified documents containing information.
According to the letter, the U.S. Treasury has been collaborating with “third-party forensic investigators to fully characterize the incident and determine its overall impact,” in addition to the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and other intelligence community members.
A Treasury representative reaffirmed the letter’s contents in an NBC News statement, stating that “The compromised BeyondTrust service has been taken offline” and that there is “no evidence indicating the threat actor has continued access to Treasury systems or information.” To determine the impact of this occurrence, the department is coordinating with other agencies, such as the FBI and the Cybersecurity and Infrastructure Security Agency, according to the spokeswoman.
“Any threats to our systems and the data they contain are taken very seriously by Treasury. In order to defend our financial system against threat actors, Treasury has greatly strengthened its cyber defense over the past four years, and we will keep collaborating with partners in the public and commercial sectors,” the statement partially states.
According to the letter, other agencies assisted the U.S. Treasury in determining that Chinese hackers were responsible for the intrusion.
According to the letter, a follow-up report would be available within 30 days.
Note: Every piece of content is rigorously reviewed by our team of experienced writers and editors to ensure its accuracy. Our writers use credible sources and adhere to strict fact-checking protocols to verify all claims and data before publication. If an error is identified, we promptly correct it and strive for transparency in all updates, feel free to reach out to us via email. We appreciate your trust and support!