According to US officials, a Chinese state-sponsored threat actor gained access to US Treasury Department systems, reaching employee workstations and certain unclassified documents. The Treasury Department wrote to Congress in late December to notify lawmakers of the compromise.
The hack, described as a “major incident,” has led the department to work with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and outside forensic investigators to determine the full extent of the breach.
What Caused the Breach?
According to the Treasury Department's letter, the breach was enabled by a key used by BeyondTrust, a third-party service provider whose cloud-based service is used to deliver remote technical support to Treasury users. With that key, the actor was able to override the service's security controls and remotely access user workstations.
The compromised BeyondTrust service has since been taken offline. Officials said there is no indication that the actor has continued to access Treasury Department systems since the original incident.
“In accordance with Treasury Department policy, intrusions attributable to an Advanced Persistent Threat (APT) are considered a major cybersecurity breach,” the Treasury Department wrote in its letter.
What was the timeline for the hack's detection?
BeyondTrust first detected suspicious activity on December 2 but did not confirm that it had been compromised until three days later. On December 8, the incident was formally reported to the Treasury Department.
During this window, the actor reportedly accessed several user workstations and some unclassified documents. The department has not disclosed which files were involved or the sensitivity of the affected systems.
Was the hacker trying to steal money, or was he looking for information?
Authorities believe the hackers were primarily seeking information rather than attempting to steal money. A Treasury Department spokesman said the hackers may have changed passwords or created accounts during the three days in which BeyondTrust was monitoring them.
A spokeswoman stated that the Treasury Department remains committed to strengthening its cybersecurity defences and that “the Treasury Department takes very seriously all threats against our systems and the data it holds.”
How Has China Reacted to the Charges?
The Chinese embassy in Washington, DC, has vehemently denied the allegations, calling them a “smear attack” without supporting evidence.
“We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations,” said Liu Pengyu, the embassy's spokesperson.
Additionally, Liu called on the United States to “stop using cyber security to smear and slander China” and to stop disseminating “disinformation about the so-called Chinese hacking threats.”
How is the investigation progressing, and what comes next?
In its letter to Congress, the department said it will provide a follow-up report on the incident within 30 days.
Government agencies and forensic teams are still assessing the full impact of the breach as the investigation continues. The department has acknowledged the seriousness of the incident, even though few details about the compromised systems and records have been made public.
Is It the First Time It Has Happened?
This is the latest in a series of high-profile breaches attributed to Chinese espionage hackers. In a separate, recently disclosed campaign targeting US telecom providers, phone records belonging to large segments of the American population may have been exposed.
The Treasury Department hack highlights the ongoing challenge posed by state-sponsored attacks. Although the full extent of the damage is still unknown, the incident has further underscored the urgent need for strong cybersecurity measures to protect sensitive government data.