
China-Linked Hackers Steal Classified US Documents by Tyler Cross

Tyler Cross

Published on: January 2, 2025
Former Senior Writer


China-linked threat actors successfully hacked the US Treasury and stole classified documents.

According to a letter released by Treasury members US Senators Tim Scott (R) and Sherrod Brown (D), the department considers it a major incident. The hackers accessed the Department through a third-party service.

BeyondTrust, a cybersecurity firm that worked alongside the government during Covid, first discovered the breach on December 8th and promptly alerted the Treasury Department. The firm had a promising future as a close partner with the government and holds over $4 million worth of government contracts, but it’s unclear how this breach will impact their relationship.

After its discovery, CISA and the FBI began to investigate the breach — the investigation is currently ongoing.

A spokesperson for the Chinese Embassy is refuting the accusation, claiming that China “firmly opposes the US smear attacks against China without any factual basis,” Reuters reported.

Supposedly, Chinese hackers breached a third-party vendor that handled US cybersecurity. They hacked into an employee workstation and used a key they stole from that vendor to hack into a cloud service platform that provided technical support to the Treasury Department.

The hackers could “override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”

Officials warned that while many citizens will have had their data leaked, it was primarily senior officers who were targeted.

“(The) attackers used the platform like a backdoor on Treasury machines where it was installed,” writes Senior Researcher John Scott-Railton of the Citizen Lab at the University of Toronto.

After the breach was discovered, BeyondTrust was swiftly taken offline. A spokesperson for BeyondTrust assured the public that they were cooperating with the investigation. As of now, the company has not officially confirmed a PRC link.

“Given BeyondTrust’s big client list, makes one wonder if other customers were targeted,” Scott-Railton said.

As of now, the FBI and CISA have not made any public statements.
