- The US Treasury has confirmed that it suffered a breach.
- The compromise occurred through the systems of a third party, BeyondTrust.
- China has denied any involvement.
The United States Department of the Treasury has confirmed that documents have been stolen and systems compromised in a cyberattack it has called a “major incident.” The compromise occurred through a third-party cybersecurity service provider, BeyondTrust, which allowed remote access to key systems.
Through this system, hackers were able to gain the access used by the vendor to override parts of the Treasury Department’s systems, the agency confirmed in a disclosure letter to Congress. The third-party system, which normally offers remote technical support to employees, has not been available since.
The agency’s initial assessments suggest the attack was carried out by “an advanced persistent threat actor based in China,” the officials said. China called the allegation “baseless” and said it “systematically opposes all forms of hacking.”
A short-lived gap
The suspicious activity was first detected on December 2, and BeyondTrust informed Treasury of the hack on December 8, although it took three days for the company to determine that it had been breached.
It is not clear what type of files were taken or what they relate to, but more details are expected to be revealed in the Treasury’s 30-day supplementary report.
This attack follows a massive telecommunications breach that targeted nine major U.S. telecommunications companies and compromised millions of people.
The telecommunications breach, attributed to the Chinese state-sponsored group Salt Typhoon, resulted in a pledge of retaliation from President-elect Trump. China also denied any wrongdoing in connection with that attack.
“The United States must stop using cybersecurity to smear and slander China, and stop spreading all kinds of disinformation about so-called Chinese hacking threats,” said Liu Pengyu, spokesman for the Chinese embassy in Washington DC.
Via BBC