The Department of Treasury was notified earlier this month that several of its workstations were hacked by a group believed to be linked to China, the department confirmed to CyberScoop.

According to a letter sent Monday to leaders on the Senate Committee on Banking, Housing and Urban Affairs and obtained by CyberScoop, the compromises occurred through third-party software provider BeyondTrust, which provides identity and access management security solutions.

Treasury officials were notified by BeyondTrust on Dec. 8 that “a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices end users,” the letter states.

“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users,” wrote Aditi Hardikar, Treasury’s assistant secretary for management.

BeyondTrust did not return a request for comment seeking confirmation and further details on the incident prior to publication.

Hardikar wrote that the hacks are being classified as a “major incident” under the Federal Information Security and Modernization Act, and the department has been working with the Cybersecurity and Infrastructure Security Agency, the FBI, intelligence agencies, and third-party forensic investigators to scope out the full impact.

“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat actor,” Hardikar wrote.

In response to questions, a Treasury spokesperson said the threat actor was able to remotely access “several” Treasury user workstations as well as “certain unclassified documents” maintained by those users. The unnamed BeyondTrust service was taken offline and the department believes the actor no longer has access to Treasury systems or information.

News of the hacks was first reported by Barron’s and Agence France-Presse.

The incident comes as Washington policymakers are still reeling from a wide-ranging compromise of U.S. telecommunications infrastructure by Salt Typhoon, a hacking group linked to the Chinese government. Those compromises gave Beijing broad access to the phones and communications of high-ranking U.S. officials, including, reportedly, President-elect Donald Trump and Vice President-elect JD Vance.

This week, the White House said that while fewer than 100 individuals are believed to have been directly impacted by the Salt Typhoon intrusions, a larger group centered around Washington, D.C., may have had their geolocation data stolen, something that could potentially allow Chinese intelligence agencies to identify the phones of additional targets.
