Treasury Department Hit by Major Cybersecurity Incident, China Suspected

### #APTThreats #GovernmentCybersecurity #SupplyChainExploitation

Summary: The U.S. Department of the Treasury has reported a significant cybersecurity breach involving unauthorized access to sensitive information through a third-party software vulnerability. This incident, linked to a state-sponsored threat actor from China, highlights critical concerns regarding the security of government systems.

Threat Actor: China state-sponsored APT
Victim: U.S. Department of the Treasury

Key Points:

  • Compromise occurred through a vulnerability in BeyondTrust’s cloud-based remote support service.
  • The threat actor gained access by exploiting a stolen security key, allowing them to bypass security measures.
  • The Treasury Department is collaborating with multiple agencies to evaluate the breach’s impact.
  • While the compromised service is now offline, the incident underscores ongoing risks from state-sponsored cyber threats.

The U.S. Department of the Treasury has disclosed a major cybersecurity incident, potentially compromising sensitive government information. In a letter to the Senate Committee on Banking, Housing, and Urban Affairs, Assistant Secretary for Management Aditi Hardikar revealed that a “threat actor” exploited a vulnerability in a third-party software service to gain unauthorized access to Treasury Department workstations.

The incident, attributed to a China state-sponsored Advanced Persistent Threat (APT) actor, involved the compromise of a cloud-based service provided by BeyondTrust. This service, used for remote technical support, became an entry point for the attackers after they obtained a key used by the vendor to secure the platform.

“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users,” the letter stated.

The Treasury Department is working closely with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Intelligence Community, and third-party forensic investigators to assess the full impact of the breach.

While the compromised BeyondTrust service has been taken offline, and there is currently no evidence of continued access by the threat actor, the incident raises serious concerns about the security of government systems and the ongoing threat of state-sponsored cyberattacks.

Source: https://securityonline.info/treasury-department-hit-by-major-cybersecurity-incident-china-suspected/
