31 December 2024 , 08:34
544
0
Chinese hackers have accessed US documents in a ‘major cybersecurity incident’.
The hackers remotely broke into several Treasury Department workstations and unclassified documents after getting past a third-party software service provider, according to the federal agency on Monday.
Hackers ‘gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users,’ the US Treasury Department stated in a letter to Congress.
‘With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.’
The third-party software provider BeyondTrust informed the US Treasury Department of the breach on December 8 (Picture: BeyondTrust)
It was not immediately disclosed which type of documents were seen.
‘At this time there is no evidence indicating the threat actor has continued access to Treasury information,’ stated the letter to lawmakers.
The Treasury Department became aware of the issue when the third-party provider, BeyondTrust, informed the agency on December 8 that hackers stole a key that allowed them to override security hurdles and enter employee workstations.
Since then, the service has been taken down and it does not appear that the hackers can still see agency information, Assistant Treasury Secretary Aditi Hardikar stated in the letter.
The department has blamed Chinese state-sponsored actors but not provided more details.
Just how wide the breach was is under investigation by the FBI and the Cybersecurity and Infrastructure Security Agency.
It happened two months after Chinese hackers allegedly targeted mobile phones used by then-2024 presidential candidate Donald Trump and his running mate JD Vance, as well as Vice President Kamala Harris’ campaign. Some cybersecurity experts at the time suspected that the Salt Typhoon group, which is run by the Chinese government, was responsible for the incident.
On Friday, a US official said that the number of telecommunications companies that were impacted by a recent Salt Typhoon hack that allowed China to access texts and phone calls of an unknown number of Americans was up to nine.