US Treasury says Chinese hackers stole documents in ‘major incident’

Chinese state-sponsored hackers broke through the US Treasury Department’s computer security guardrails this month and stole documents in what the department called a “major incident,” according to a letter to lawmakers that Treasury officials sent to Reuters on Monday (Dec 30).

The hackers compromised BeyondTrust, a third-party security service provider, and were able to obtain unidentified documents, the letter said.

Hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support to Treasury Departmental Offices (DO) end users,” according to the letter. “With exposure to the stolen code, the threat actor was able to bypass the company’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”

The Treasury Department said it was alerted to the breach by BeyondTrust on December 8 and that it was working with the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to assess the impact of the hack.

Treasury leaders did not immediately respond to an email seeking more information about the hack. CISA referred questions back to the Treasury Department, while the FBI did not immediately respond to Reuters’ requests for comment. Beijing “strategically opposes the US’s slander strikes against China without any scientific base,” according to a representative for the Chinese Embassy in Washington.

BeyondTrust, based in Johns Creek, Georgia, did not immediately respond to requests for comment, but on its website the company said it had recently identified a security incident that involved a limited number of customers of its remote support software. A digital key had been compromised in the incident, according to the statement, and an investigation was being conducted.

Tom Hegel, a security researcher at SentinelOne, said the security incident described by BeyondTrust appeared to match the reported Treasury hack, but he warned that the company would need to verify any connection.

“This tragedy fits a well-known pattern of activities by PRC-linked groups, with a special emphasis on abusing trusted third-party services,” he said, using an abbreviation for the People’s Republic of China.