CISA says recent government hack limited to US Treasury

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed that a recent breach of the Treasury Department by Chinese state-sponsored hackers did not affect other federal agencies. The breach involved a compromised BeyondTrust instance, targeting specific offices to gather intelligence on potential sanctions.

Threat Actor: Chinese state-sponsored hackers
Victim: U.S. Treasury Department

Key Points:

  • Chinese government hackers breached the Treasury Department’s network, specifically targeting the Office of Foreign Assets Control (OFAC).
  • The breach was attributed to a state-sponsored Advanced Persistent Threat (APT) actor using a stolen Remote Support SaaS API key.
  • CISA is actively monitoring the situation and coordinating with federal authorities to ensure a comprehensive response.
  • There is currently no evidence that the attackers maintained access to the Treasury’s systems after the breach was identified.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today that the Treasury Department breach disclosed last week did not impact other federal agencies.

“At this time, there is no indication that any other federal agencies have been impacted by this incident,” CISA said. “CISA continues to monitor the situation and coordinate with relevant federal authorities to ensure a comprehensive response.”

The Treasury Department disclosed last Monday that Chinese government hackers breached its network in what it described as a “major cybersecurity incident.” The attackers used a stolen Remote Support SaaS API key to compromise a BeyondTrust instance used by the federal agency.

In a letter to Congress, the agency said its remote support provider, BeyondTrust, first notified it of the breach on December 8th.

“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor. In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident,” the letter added.

Since then, U.S. officials have revealed that the attackers specifically targeted the Office of Foreign Assets Control (OFAC), which administers and enforces trade and economic sanctions programs, likely to collect intelligence on what Chinese individuals and organizations the U.S. might consider sanctioning.

The hackers also breached the Treasury’s Office of Financial Research, but the full impact of the attack is still being assessed. However, officials said there was no evidence that the Chinese state hackers maintained access to the agency’s systems after the compromised BeyondTrust instance was shut down.

“The security of federal systems and the data they protect is of critical importance to our national security,” the U.S. cybersecurity agency added today.

“We are working aggressively to safeguard against any further impacts and will provide updates, as appropriate.”

Source:
https://www.bleepingcomputer.com/news/security/cisa-says-recent-government-hack-limited-to-us-treasury/