On Monday, Treasury Department officials admitted to lawmakers that state-sponsored Chinese hackers had compromised their computers and stolen documents in what they called a “major incident,” according to Reuters.
In a letter sent to members of Congress, Treasury Department officials said that the hackers “gained access to a key used by [a third-party] vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
The vendor in question was Georgia-based BeyondTrust, which notified Treasury Department officials of the leak on December 8. The letter went on to claim that “based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor.”
The Chinese government implausibly denied responsibility for the hack, saying, “China has always opposed all forms of hacker attacks.”
This is not even the first time this year that a major Chinese state-sponsored espionage/hacking operation has been revealed. Earlier this year, the CCP-sponsored Salt Typhoon campaign successfully gained access to the wireless networks of Verizon, AT&T, and others. This hack allowed the Chinese government to read the text messages of an unknown number of Americans.
Disturbingly, although the breach was revealed in October, the FBI said earlier this month that officials still have not been able to evict the Chinese hackers from these networks and further said that it is “impossible to predict a time frame on when we’ll have full eviction.”
The Treasury Department letter claimed that the affected service has been taken offline and that the hackers no longer have access to the Treasury Department documents. It also promised that an investigation is under way.