The U.S. Treasury Department was hacked by a Chinese state-sponsored actor through a third-party software service provider, in response to a letter the agency sent to Congress on Monday.
The Treasury Department was notified on Dec. 8 by a third-party software provider, BeyondTrust Inc., that a hacker had gained access “to a key used by the provider to secure a cloud-based service used to access from the “To provide remote technical support to finance department offices (DO) end users,” the letter states.
The department is supported by the Cybersecurity and Infrastructure Security Agency, the FBI, the intelligence community and out of doors forensic investigators.
According to the available information, advanced hackers with ties to China were behind the incident, in response to the letter.
The Chinese Embassy in Washington rejects “U.S. slander attacks against China without any factual basis,” it said in an emailed statement. “The US must stop using cybersecurity to denigrate and slander China and stop spreading all kinds of disinformation about the so-called Chinese hacker threat,” it said.
BeyondTrust, which sells managed access software and other cybersecurity products, holds contracts with the federal government price greater than $4 million, in response to government data compiled by Bloomberg. The data shows that along with the Treasury Department, BeyondTrust also does business with the Departments of Defense, the Department of Veterans Affairs and the Department of Justice, amongst other agencies.
A BeyondTrust spokesman said Monday evening that a limited number of shoppers were involved, had been notified and were being offered assistance. The spokesperson added that law enforcement had been contacted and the corporate was supporting the investigation.
The Defense Department, Justice Department and Veterans Affairs Department didn’t immediately reply to separate requests for comment.
The hacker was in a position to remotely access certain Treasury Department workstations and “certain unclassified documents maintained by those users,” the department's letter to Senators Sherrod Brown and Tim Scott said. Scott, a rating member of the Senate Banking, Housing and Urban Affairs Committee, also requested a briefing on the matter, a spokesman for the South Carolina Republican office said Tuesday.
“The compromised BeyondTrust service has been taken offline and there is no evidence that the threat actor continued to have access to Treasury systems or information,” a Treasury spokesperson said.
The breach disclosure comes because the White House continues to analyze what it says is an intensive cyber espionage campaign by state-sponsored Chinese hackers against U.S. telecommunications corporations. On Friday, the White House said nine telecommunications corporations were affected by the attacks, which were carried out by a bunch owned by Microsoft Corp. nicknamed Salt Typhoon.
The hackers reportedly spent months lurking in American telecommunications networks and collecting details about an unknown variety of phone calls and text messages from Americans. Among the targeted phones were those of then-presidential candidate Donald Trump and his running mate JD Vance, Trump relations and members of Vice President Kamala Harris' campaign team and others, the New York Times reported.
The alleged Chinese espionage efforts at U.S. telecommunications corporations and the Treasury Department come after a period of relative calm in U.S.-China relations in the ultimate stretch of President Joe Biden's administration.
These included the meeting between Biden and Chinese leader Xi Jinping on the APEC summit in Peru last month, a rare prisoner exchange in late November and a renewed agreement earlier this month on cooperation in science and technology.
The Salt Typhoon telecommunications hack got here up on the meeting in Peru, where Biden “made it very clear where the U.S. stands on this,” national security adviser Jake Sullivan said on the time. Xi told Biden on the meeting: “There is no evidence to support the irrational claim of so-called 'cyber attacks from China,'” the Washington embassy said on Monday.
Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, said last week that the administration planned further actions to carry Beijing accountable after pushing forward a ban on China Telecom within the United States.
Originally published:
image credit : www.mercurynews.com