The US Treasury Department recently disclosed a significant cybersecurity incident in which a Chinese state-sponsored actor infiltrated Treasury workstations. The breach was discovered when a third-party software service provider notified the Treasury on December 8 that a threat actor had used a stolen key to gain unauthorized access to certain workstations and unclassified documents.
According to Treasury officials, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor. The compromised service has since been taken offline, and the Treasury is collaborating with law enforcement and the Cybersecurity and Infrastructure Security Agency (CISA) to address the situation.
While there is no evidence of continued access to Treasury systems, officials are taking precautions to ensure the security of their networks. The Treasury plans to conduct a classified briefing with the House Financial Services Committee to provide more details about the breach.
China's Foreign Ministry denied the accusations, stating that China opposes all forms of cyberattacks and the spreading of false information for political purposes. The third-party software service provider, BeyondTrust, confirmed that hackers exploited a security vulnerability in its Remote Support product, leading to the breach.
Although the exact number of infiltrated workstations remains unclear, the Treasury considers this incident a major cybersecurity breach. They are actively working with various agencies and forensic investigators to assess the impact and secure their systems.
As the investigation continues, Treasury officials are required to provide a comprehensive update within 30 days. The incident underscores the ongoing challenges posed by state-sponsored cyber threats and the importance of robust cybersecurity measures to safeguard sensitive government information.