US Treasury Hacked by Chinese Cyber Actors: A Major Incident Raises Alarms

swati kumari
31 Dec 2024 04:57 AM

In what has been described as a "major incident," the US Treasury Department revealed that its systems were breached by a Chinese state-sponsored hacker. The cyberattack, which occurred earlier this month, has raised significant concerns about the vulnerabilities of critical government systems. According to American officials, the hacker accessed employee workstations and some unclassified documents through a third-party service provider’s security flaw.

The breach was disclosed in a letter from the Treasury Department to lawmakers, detailing the incident and the ongoing investigation. The hacker reportedly exploited a key used by BeyondTrust, a third-party remote technical support provider. This access allowed the attacker to override security protocols and gain entry into several Treasury user workstations. BeyondTrust, now offline, first identified suspicious activity on December 2, but it took three days for the company to confirm the breach and notify the Treasury Department.

The Treasury has been collaborating with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and forensic experts to assess the scale of the breach and its potential impact. Preliminary findings suggest the attack was carried out by an Advanced Persistent Threat (APT) actor based in China. Treasury officials stated that such intrusions are categorized as major cybersecurity incidents under their policies, warranting immediate attention and comprehensive investigation.

Although the nature of the unclassified documents accessed remains undisclosed, officials confirmed that the attackers were primarily seeking information rather than attempting financial theft. The breach has highlighted the risks posed by third-party services and their potential to compromise sensitive systems. Experts have pointed out that even low-level breaches could become critical, depending on the specific documents accessed or the ability to create accounts and modify passwords during the incident.

Chinese officials have denied the allegations, labeling them as part of a “smear attack.” Liu Pengyu, a spokesman for the Chinese embassy in Washington, issued a statement urging the US to base its conclusions on evidence rather than speculation. “We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents,” he said, emphasizing the difficulty in tracing the origins of cyberattacks.

This incident is the latest in a series of high-profile cyber breaches attributed to Chinese state-sponsored actors. In December, a similar attack targeted telecom companies, potentially compromising phone record data across the US. Such incidents have intensified tensions between the US and China, with cybersecurity becoming a major flashpoint in their relations.

The Treasury Department assured the public that it is taking all necessary measures to address the breach and strengthen its defenses against future attacks. Officials stated that a supplemental report on the investigation would be submitted to lawmakers within 30 days.

This breach underscores the growing sophistication of state-sponsored cyberattacks and the challenges faced by governments in safeguarding critical infrastructure. As investigations continue, it remains to be seen how this incident will impact US cybersecurity policies and its ongoing tensions with China.

Reference: www.bbc.com

