Chinese APT stole US Treasury documents in major cyber incident

The US Treasury has revealed that the Chinese state-sponsored hackers who breached its systems in December exfiltrated documents.

Daniel Croft
Mon, 06 Jan 2025

On 8 December, security software provider BeyondTrust notified the US Treasury that a threat actor had used a key to access a vendor “secure cloud-based service” used to provide technical support to Treasury Departmental Offices end users.

“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users,” said the Treasury in a letter to lawmakers.

The attack has so far been attributed to an unnamed Chinese state-sponsored APT actor based on investigations to date. The Treasury said that the service in question has been taken offline and that continued access by the threat actor has not been detected.

“Treasury has been working with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Intelligence Community, and third-party forensic investigators to fully characterise the incident and determine its overall impact. CISA was engaged immediately upon Treasury’s knowledge of the attack, and the remaining governing bodies were contacted as soon as the scope of the attack became evident,” it said.

Although not necessarily linked to the same APT, the US Department of the Treasury announced sanctions against a China-based cyber security company after it played a part in a computer-intrusion campaign against US users, an attack attributed to Chinese APT Flax Typhoon.

The department said in a statement that Integrity Technology Group had ties to the Ministry of State Security, was a large Chinese government contractor and had hackers working for the government to target US and other overseas critical infrastructure.

“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith.

“The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defences.”
