US Treasury says it was hacked by China in ‘major incident’

MT HANNACH

A Chinese state-sponsored hacker broke into U.S. Treasury Department systems earlier this month and gained access to employee workstations and some unclassified documents, U.S. officials said Monday.

The Treasury Department deemed the breach a “major incident” after disclosing it via a letter informing lawmakers of the incident.

The US agency said it was working with the FBI and other agencies to investigate the impact of the hack.

A spokesperson for the Chinese embassy in Washington DC told BBC News the accusation was part of a “smear attack” and was made “without any factual basis”.

The Treasury Department said in its letter to lawmakers that the China-based actor was able to bypass security via a key used by a third-party service provider, whose application offers remote technical assistance to the department's employees.

The compromised third-party service – called BeyondTrust – has since been taken offline, officials said. There was no evidence to suggest that the hacker had continued to access Treasury Department information since, the statement continued.

The department said it worked with the Cybersecurity and Infrastructure Security Agency and third-party forensic investigators to determine the overall impact.

Authorities said initial investigations suggested the hack appeared to have been carried out by “a China-based advanced persistent threat (APT) actor.”

“Consistent with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident,” Treasury Department officials said.

The department was informed of the hack on December 8 by BeyondTrust, a spokesperson told the BBC. According to the company, the suspicious activity was first spotted on December 2, but it took three days for the company to determine that it had been hacked.

The spokesperson said the hacker was able to remotely access several Treasury user workstations and some unclassified documents maintained by those users.

The department did not specify the nature of these files, nor when and for how long the hack took place. It also did not specify the confidentiality level of the computer systems or the seniority of the staff whose documents were accessed.

The hackers may have been able to create accounts or change passwords during the three days they were monitored by BeyondTrust.

As espionage agents, the hackers would have sought information rather than attempting to steal funds.

The spokesperson said the Treasury Department “takes all threats to our systems and the data they hold very seriously” and will continue to work to protect its data from outside threats.

The department’s letter said an additional report on the incident will be provided to lawmakers in 30 days.

Chinese Embassy spokesperson Liu Pengyu denied the department’s reports, saying in a statement that it could be difficult to trace the origins of the hackers.

“We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than speculation and unfounded accusations,” he said.

“The United States must stop using cybersecurity to defame and slander China, and stop spreading all kinds of disinformation about so-called Chinese hacking threats.”

It is the latest embarrassing and high-profile U.S. breach blamed on Chinese hackers.

This follows another hack of telecommunications companies in December that potentially breached phone records data across large swaths of American society.
