The Chinese government denied responsibility after a threat actor breached employee workstations at the US Treasury earlier this month, gaining remote access to certain “unclassified” documents.
United States Treasury officials told lawmakers in a Dec. 30 letter that they were informed of the “major incident” by third-party software service provider BeyondTrust on Dec. 8, according to reports.
“Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor,” said Aditi Hardikar, assistant secretary for management at the Treasury, in a letter obtained by TechCrunch and other outlets, including CNN.
Extract from Aditi Hardikar’s letter to US Senators. Source: TechCrunch
China has denied responsibility for the attack, telling Reuters it “firmly opposes the U.S.’s smear attacks against China without any factual basis.”
Meanwhile, the compromised service has since been taken offline, Hardikar told US senators Sherrod Brown and Tim Scott of the Banking Committee.
“There is no evidence indicating the threat actor has continued access to Treasury systems or information.”
Treasury officials were working with the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, US intelligence agencies and third-party forensic investigators to further examine the incident.
Cointelegraph reached out to the US Treasury but didn’t receive an immediate response.
How the breach happened
BeyondTrust said it identified a security incident in its Remote Support product on Dec. 2, and after “anomalous behavior” was confirmed on Dec. 5, it immediately revoked the API key and notified impacted customers soon after.
“Law enforcement was notified and BeyondTrust has been supporting the investigative efforts,” a BeyondTrust spokesperson told Cointelegraph.
More details will be provided in a 30-day supplemental report that the Treasury must provide under the Federal Information Security Modernization Act.
It follows the most recent Salt Typhoon breach, where cybercriminals were able to access phone calls and text messages from lawmakers, The Guardian noted.
Related: Chinese hackers use fake Skype app to target crypto users in new phishing scam
Treasury officials are reportedly planning to hold a classified briefing about the breach next week with staffers from the House Financial Services Committee, CNN said.
Hacks ran rampant in the crypto industry this year too, with thieves stealing over $2.3 billion worth of crypto assets across 165 major incidents in 2024, marking a 40% increase compared to 2023, blockchain security firm Cyvers recently reported.
The 40% increase was mainly attributed to the rise of access control breaches, particularly on centralized exchanges and custodian platforms.
Magazine: ‘SEAL 911’ team of white hats formed to fight crypto hacks in real time