The US Treasury Department notified the US Congress on Monday that its systems were hacked by hackers linked to China. The incident occurred at the beginning of the month. According to the department, as a result of the cyber attack, the attackers gained access to the workstations of government employees and unclassified documents. The New York Times newspaper writes about this, having read the letter from the Ministry of Finance to the US Congress.
Image source: Hack Capital/unsplash.com
The letter said that on December 8, a contractor for software company BeyondTrust notified the Treasury Department that a hacker had obtained a security key that allowed him to remotely access workstations that stored unclassified documents. Since the Chinese-sponsored hacker group APT (Advanced Persistent Threat) is suspected of organizing the cyberattack, the incident is classified as a “major cybersecurity incident,” the US Treasury Department said in a letter.
BeyondTrust is currently conducting an investigation with the Cybersecurity and Infrastructure Agency (CISA) and the FBI. According to BeyondTrust’s website, the company serves more than 20,000 clients in more than 100 countries. Its remote access tools are used by 75% of Fortune 100 organizations.
According to a BeyondTrust spokesperson, the company was notified on December 5 of the compromised API key, which was immediately revoked. It is currently working with affected customers to resolve the attack related to the Remote Support product. BeyondTrust also emphasized that its other products were not affected by this incident.
This is not the first time that the United States has accused Chinese-linked hackers of attacking the country’s infrastructure. Earlier this year, Commerce Secretary Gina Raimondo’s emails were reported to have been hacked as she was deciding on new export controls to limit Chinese firms’ access to advanced technology. Hackers took similar actions against the US State Department, writes The New York Times.
At least nine U.S. telecommunications companies have been targeted by Chinese state-backed hacker group Salt Typhoon, according to the White House. The attackers also obtained a nearly complete list of phone numbers that the Justice Department had used for wiretapping as part of surveillance of suspected criminals or spies.
In response to Salt Typhoon’s actions, the US Commerce Department said this month it would ban China Telecom’s remaining operations in the United States.
The Chinese Embassy in Washington (USA) told TASS at the end of October that the United States should stop hacker attacks around the world and refrain from slandering other countries under the pretext of ensuring cybersecurity. “The United States itself is the source and largest perpetrator of cyber attacks,” said a representative of the Chinese diplomatic mission, commenting on statements by the FBI and CISA.