Chinese hackers accessed U.S. Treasury workstations and unclassified documents

Posted on by Olivia Bennett
Chinese hackers accessed U.S. Treasury workstations and unclassified documents

The U.S. Treasury has been hacked by a China-backed actor, who accessed government workstations and unclassified documents, officials revealed.

The department made the revelation Monday after being notified December 8 by third-party software provider BeyondTrust that a hacker had accessed a security key, letting the hacker get past certain safety measures, according to The Washington Post.

The Treasury Department notified the Senate Banking Committee of the breach in a letter viewed by several media outlets. The department called the breach a “major incident.” Department policy categorizes nation-state hacking incidents as “major,” according to the letter.

When the Treasury Department was notified of the incident, it reached out to the Cybersecurity and Infrastructure Security Agency (CISA), and the BeyondTrust service has been taken offline, a Treasury spokesperson said, according to The Post.

The department didn’t say how many workstations had been accessed or what kind of documents the hackers could have obtained. But in its letter to lawmakers the department said that “at this time there is no evidence indicating the threat actor has continued access to Treasury information.”

“Treasury takes very seriously all threats against our systems, and the data it holds,” the department added. “Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors.”

The exterior of the U.S. Department of Treasury building. The department was notified of a hack on December 8
The exterior of the U.S. Department of Treasury building. The department was notified of a hack on December 8 (Getty Images)

Assistant Treasury Secretary Aditi Hardikar noted in Monday’s letter that it was working with CISA as well as the FBI, but didn’t say anything further other than the hack had been attributed to Chinese actors.

“Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor,” Hardikar said in the letter, according to CNN.

“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury [Departmental Office] user workstations, and access certain unclassified documents maintained by those users,” Hardikar added.

“CISA was engaged immediately upon Treasury’s knowledge of the attack, and the remaining governing bodies were contacted as soon as the scope of the attack became evident,” the letter noted.

Source: independent.co.uk

Related Posts