Chinese state-sponsored advanced persistent threat (APT) Silk Typhoon has been linked to the cyber attack on the US Treasury that occurred last month.
On 8 December, security software provider BeyondTrust notified the US Treasury that a threat actor had used a key to access a vendor “secure cloud-based service” used to provide technical support to end users in the Treasury’s Departmental Offices (DO).
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users,” the Treasury said in a letter to lawmakers.
Just days ago, the US Cybersecurity and Infrastructure Security Agency (CISA) announced that a Chinese state-sponsored threat actor was behind the breach, a claim which China denied.
Now, the Silk Typhoon APT has been linked to the US Treasury cyber attack.
According to a report by Bloomberg, threat actors from the Silk Typhoon APT are believed to have used a key stolen from BeyondTrust to access “unclassified information relating to potential sanctions actions and other documents”.
The group, which is also known as Hafnium, is best known for targeting “healthcare, law firms, higher education, defense contractors, policy think tanks, and non-governmental organizations (NGOs) located in the United States, Australia, Japan, and Vietnam,” according to Microsoft.
The aim of their operations is largely data gathering and reconnaissance, collecting data on the targeted infrastructure. They are known for exploiting zero-day vulnerabilities and using tools such as China Chopper.
While Silk Typhoon has now been blamed for the incident, the US confirmed earlier this week that there was no indication of any wider US government data breach.
In a media release, CISA wrote that it is currently investigating but that no government or federal agencies show any indication of being impacted by the incident.
“CISA is working closely with the Treasury Department and BeyondTrust to understand and mitigate the impacts of the recent cyber security incident,” the statement said.
“At this time, there is no indication that any other federal agencies have been impacted by this incident. CISA continues to monitor the situation and coordinate with relevant federal authorities to ensure a comprehensive response.
“The security of federal systems and the data they protect is of critical importance to our national security. We are working aggressively to safeguard against any further impacts and will provide updates, as appropriate.”