US Treasury says China accessed government documents in major cyberattack

In a letter shared with senior U.S. House lawmakers, the U.S. Treasury Department revealed that it was hit by a major cyberattack earlier in December. The attack is believed to have been perpetrated by Chinese government hackers.

The Attack and Its Aftermath

According to the letter, the hackers gained remote access to certain Treasury employee workstations and had access to unclassified documents. This incident has been described as a "major cybersecurity incident" by the Treasury Department. The department was notified on December 8 by BeyondTrust, a company that provides identity access and remote support technology for large organizations and government departments.

BeyondTrust disclosed the incident at the time but did not reveal how the hackers obtained access to a key used by the vendor for providing remote access technical support to Treasury employees. A spokesperson for BeyondTrust did not respond to a request for comment.

Attribution of the Attack

The Treasury Department confirmed in the letter that it attributed the breach to a China state-sponsored advanced persistent threat group, indicating backing from the Chinese government. However, it is unclear which specific group was behind the intrusion.

A spokesperson for the Treasury Department stated: "Treasury takes very seriously all threats against our systems, and the data it holds. Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors."

Recent Cyberattacks Linked to China

This latest cyberattack is just one of several incidents linked to China that have targeted the U.S. government in recent months. In a separate incident, hackers dubbed Salt Typhoon were behind a wave of cyberattacks targeting U.S. phone companies and internet giants, including AT&T and Verizon.

Chinese Government Response

Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, D.C., denied the U.S. government’s attribution of the cyberattack to the Chinese government, arguing that the United States did not present evidence of its claims.

BeyondTrust Statement

In a statement provided to TechCrunch on Tuesday, BeyondTrust spokesperson Mike Bradshaw said: "We notified a limited number of customers whose systems were accessed during the December 8 incident. We take these incidents seriously and are working with our partners to prevent similar incidents in the future."

Timeline of Events

  • December 8: BeyondTrust notifies the Treasury Department that hackers have gained access to a key used by the vendor for providing remote access technical support.
  • December 30: The Treasury Department confirms that it has no evidence indicating the threat actor has continued access to Treasury information.

Reactions and Statements

The U.S. government has taken steps to bolster its cyber defenses in recent years, but this latest incident highlights the ongoing threats posed by state-sponsored hackers.

This is not the first time that China-backed hackers have targeted the U.S. government or private companies. The incident serves as a reminder of the importance of robust cybersecurity measures and international cooperation in preventing such attacks.

Conclusion

The cyberattack on the U.S. Treasury Department highlights the ongoing threats posed by state-sponsored hackers and the need for robust cybersecurity measures. The attribution of the attack to Chinese government hackers has sparked concerns about the role of China in global cybersecurity and the need for increased international cooperation to prevent similar incidents in the future.
