Washington DC: In a cyberattack described as a ‘major incident’, a Chinese “state-sponsored” actor gained access to US Treasury workstations and unclassified documents. The US Treasury Department notified Congress of the breach on Monday (local time).
According to the third-party software service provider BeyondTrust, hackers gained access to a key used by the vendor to secure a cloud-based service. The Treasury Department uses this service for technical support, a letter reviewed by CNN revealed.
In the letter, which was addressed to Senate Banking Committee leadership, a US Treasury official said that a Chinese state-sponsored Advanced Persistent Threat (APT) actor used a stolen key to remotely access certain Treasury workstations and unclassified documents.
BeyondTrust reported the hack on December 8. “Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor,” Aditi Hardikar, assistant secretary for management at the US Treasury, wrote in the letter, as reported by ANI.
A US Treasury spokesperson told CNN that the compromised service has been taken offline and steps are being taken in coordination with law enforcement and the Cybersecurity and Infrastructure Security Agency (CISA). “There is no evidence indicating the threat actor has continued access to Treasury systems or information,” the Treasury spokesperson said.
According to CNN, Treasury officials are likely to hold a classified briefing next week with the House Financial Services Committee to analyse the breach. However, the exact timing of the briefing is yet to be decided, a senior committee staffer told CNN.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury [Departmental Office] user workstations, and access certain unclassified documents maintained by those users,” the Treasury letter said.
Hardikar noted in the letter that intrusions attributed to advanced persistent threat actors are considered a “major cybersecurity incident.” The full extent of the damage caused by the breach has not yet been determined, CNN reported.
Hardikar further wrote that to “fully characterise the incident and determine its overall impact,” Treasury has been working with CISA, the FBI, US intelligence agencies, and third-party forensic investigators.
“CISA was engaged immediately upon Treasury’s knowledge of the attack, and the remaining governing bodies were contacted as soon as the scope of the attack became evident,” the letter added.
(With inputs from ANI)