The US Treasury says China obtained government documents in a “major” cyberattack.
The U.S. Treasury Department told lawmakers in a letter Monday that it was the target of a cyberattack earlier in December, which the department attributed to Chinese government hackers.
In the letter shared with senior lawmakers in the US House of Representatives, Which was witnessed by TechCrunchThe Treasury Department said the hackers gained remote access to some Treasury employees’ workstations and accessed unclassified documents, in what it described as a “major cybersecurity incident.”
The Treasury Department said it was notified on December 8 by BeyondTrust, a company that provides identity access and remote support technology to large organizations and government departments, that hackers “gained access to the key used by the vendor” to provide technical support for remote access to Treasury employees. . Beyond Trust The incident was revealed at the timeBut he did not say how the key was obtained.
A BeyondTrust spokesperson did not respond to a request for comment at the time of publication.
The letter said the department had contacted the US cybersecurity agency CISA for assistance, and that as of December 30, it had “no evidence to suggest that the threat actor continues to access Treasury information.”
The Treasury Department confirmed in the letter that it attributed the hack to a Chinese state-sponsored company Advanced persistent threat group, indicating support from the Chinese government. It is not clear what group was behind this intrusion, and the official spokesperson did not mention this.
In a brief statement, Treasury spokesman Michael Gowen said the hackers were able to “remotely access multiple Treasury users’ workstations and some non-confidential documents held by those users.”
“Treasury takes seriously all threats against our systems and the data it holds. Over the past four years, Treasury has significantly strengthened its cyber defense, and we will continue to work with public and private sector partners to protect our financial system from threat actors,” the spokesperson said. .
This is the latest China-linked cyber attack targeting the US government in recent months. Chinese-backed hackers dubbed Salt Tycoon were the ones behind the attack A wave of cyber attacks It targets US phone companies and internet giants, including AT&T and Verizon, in an attempt to access the private communications of top US government officials, including presidential candidates.
Liu Bingyu, spokesman for the Chinese Embassy in Washington, D.C., denied that the US government attributed the cyber attack to the Chinese government, arguing that the United States did not provide evidence for its claims.
Updated with comment from the Chinese government.
Do you know more about the BeyondTrust cyberattack or the incident at the Treasury Department? Connect with us securely on Signal and WhatsApp at +1 646-755-8849 and you can also send files and documents via SecureDrop.
