The US Treasury was hacked

As previously reported by the U.S. Treasury, it suffered a “significant” security incident after hackers sponsored by the Chinese government breached third-party remote management software used by the U.S. Treasury. new york times.

In a letter to lawmakers The VergeThe Treasury Department said BeyondTrust, a company that developed remote management software, notified the agency of the breach on Dec. 8.

Threat actors stole keys used by BeyondTrust “to secure cloud-based services used to remotely provide technical support to Treasury DO end users.” Using the keys, they bypassed security to remotely access those users’ workstations and “some unclassified documents” they managed.

The Treasury Department said it worked with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI after the attack was attributed to Chinese government-sponsored advanced persistent threat (APT) hackers. “The compromised BeyondTrust service has been taken offline and there is no evidence that threat actors continued to access Treasury systems or information,” Treasury spokesman Michael Gwin said in a statement. The Verge.

The attack appears to be related to a security incident disclosed by BeyondTrust earlier this month that affected customers using its remote support software. At the time, BeyondTrust said the attack was due to a compromised API key for its remote assistance software, adding that it “immediately revoked the API key, notified customers who were known to be affected, and paused their instances the same day.” The Verge We reached out to BeyondTrust for comment but did not immediately hear back.

“Treasury takes all threats to our systems and the data held within them very seriously,” Gwin said. “Over the past four years, Treasury has significantly strengthened its cyber defenses and will continue to work with private and public sector partners to protect the financial system from threat actors.”