Hackers backed by the Chinese government managed to penetrate the US Treasury Department's cyber defenses this month and steal documents, according to a letter to lawmakers provided to Reuters on Monday.
Chinese state-sponsored hackers this month breached the U.S. Treasury Department's computer security barriers and stole documents, in what the agency called a “serious incident,” according to a letter to lawmakers provided to Reuters on Monday.
The hackers compromised cybersecurity services provider BeyondTrust and were able to access unclassified documents, the letter says.
According to the document, the hackers “gained access to a key used by the vendor to protect a cloud-based service used to provide remote technical support to end users at Treasury Departmental Offices (DO).
With access to the stolen key, the threat actor was able to override the security of the service, remotely access certain workstations of Treasury DO users, and access certain unclassified documents maintained by those users.”
The Treasury Department said BeyondTrust had alerted it to the breach on Dec. 8 and was working with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to evaluate the impact of the attack.
The FBI did not immediately respond to Reuters requests for comment, while CISA referred questions to the Treasury Department. A spokesperson for the Chinese embassy in Washington rejected any responsibility for the hack, stating that Beijing “firmly opposes the United States' defamatory attacks against China without any factual basis.”
BeyondTrust, based in Johns Creek, Georgia, did not immediately respond to requests for comment, but on its website, the company said it had recently identified a security incident affecting a limited number of customers of its remote support software.
The statement said that a digital key had been compromised in the incident and that an investigation was underway.
Tom Hegel, a threat researcher at cybersecurity firm SentinelOne, said it appeared the security incident described by BeyondTrust closely matched the hack reported to the Treasury, although he cautioned that the firm itself would have to confirm any connection.
“This incident fits a well-documented pattern of operations by groups linked to the People's Republic of China, with a particular focus on the abuse of trusted third-party services – a method that has become increasingly prominent in recent years,” Hegel noted.