According to a letter from the U.S. Treasury Department to lawmakers revealed on Monday, Dec. 30, Chinese-backed hackers successfully infiltrated the department’s systems and stole government documents this month.
The breach, first reported by Reuters, highlights yet another instance of state-sponsored cyber espionage targeting U.S. government employees — just moments after AT&T and Verizon finally dealt with Salt Typhoon. In a statement to Senator Sherrod Brown, chair of the Committee on Banking, Housing, and Urban Affairs, the Treasury confirmed that the attack occurred in December.
In the letter, the department states that the breach was flagged by a third-party cybersecurity vendor, BeyondTrust, which discovered that the attackers had compromised a key used to secure a cloud-based service. That service was integral to providing remote technical support to end users within the department’s offices.
Mashable Light Speed
“With access to the stolen key, the threat actor was able [to] override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users,” the letter reads.
The Treasury revealed it was alerted to the breach on Dec. 8 and is collaborating with the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to evaluate the scope of the incident. Reuters reports that the FBI has yet to respond to requests for comment, while CISA redirected inquiries back to the Treasury.
Topics
Cybersecurity
Government